Hackers Actively Exploiting Zyxel 0-day Vulnerability to Execute Arbitrary Commands
- С сайта: Vulnerability(cybersecuritynews.com)
- Вернуться к списку новостей
С сайта: Vulnerability(cybersecuritynews.com)
A significant zero-day vulnerability in Zyxel CPE series devices, identified as CVE-2024-40891, is being actively exploited by attackers.
This vulnerability enables attackers to execute arbitrary commands on affected devices, posing significant risks of system compromise, data theft, and network infiltration.
Over 1,500 infected devices have been discovered to be susceptible to this exploit, according to Censys scans; the vulnerability has not been fixed or publicly disclosed.
Hackers Actively Exploiting Zyxel0-day
The vulnerability is a command injection flaw in the telnet interface of Zyxel CPE devices. It allows unauthenticated attackers to execute arbitrary commands by exploiting service accounts such as “supervisor” or “zyuser.”
The command injection vulnerability arises from improper input validation in the telnet management interface of Zyxel CPE devices.
This issue is similar to another vulnerability, CVE-2024-40890, which is based on HTTP rather than telnet. Both vulnerabilities are critical as they bypass authentication mechanisms entirely. Researchers at GreyNoise and VulnCheck have confirmed the exploitation of CVE-2024-40891.
GreyNoise has observed active exploitation attempts in the wild, while VulnCheck initially disclosed the vulnerability to its partners under the name “Zyxel CPE Telnet Command Injection” on August 1, 2024.
Unique IPs Observed
Despite this disclosure, Zyxel has yet to release an official advisory or patch for this critical issue.
Mitigation and Recommendations
Given the critical nature of this vulnerability and the lack of an official patch, organizations using Zyxel CPE devices should take immediate action:
Organizations relying on Zyxel CPE devices must act swiftly to mitigate risks while awaiting a formal patch from the vendor.
Cybersecurity experts recommend continuous monitoring and strict access controls to safeguard against potential attacks stemming from this zero-day flaw.
#Cyber_Security #Cyber_Security_News #Vulnerability #Zero-Day #cyber_security #cyber_security_news #vulnerability
Оригинальная версия на сайте:
Hackers Actively Exploiting Zyxel 0-day Vulnerability to Execute Arbitrary Commands
Author: Kaaviya RagupathyA significant zero-day vulnerability in Zyxel CPE series devices, identified as CVE-2024-40891, is being actively exploited by attackers.
This vulnerability enables attackers to execute arbitrary commands on affected devices, posing significant risks of system compromise, data theft, and network infiltration.
Over 1,500 infected devices have been discovered to be susceptible to this exploit, according to Censys scans; the vulnerability has not been fixed or publicly disclosed.
Hackers Actively Exploiting Zyxel0-day
The vulnerability is a command injection flaw in the telnet interface of Zyxel CPE devices. It allows unauthenticated attackers to execute arbitrary commands by exploiting service accounts such as “supervisor” or “zyuser.”
The command injection vulnerability arises from improper input validation in the telnet management interface of Zyxel CPE devices.
This issue is similar to another vulnerability, CVE-2024-40890, which is based on HTTP rather than telnet. Both vulnerabilities are critical as they bypass authentication mechanisms entirely. Researchers at GreyNoise and VulnCheck have confirmed the exploitation of CVE-2024-40891.
GreyNoise has observed active exploitation attempts in the wild, while VulnCheck initially disclosed the vulnerability to its partners under the name “Zyxel CPE Telnet Command Injection” on August 1, 2024.
Unique IPs ObservedDespite this disclosure, Zyxel has yet to release an official advisory or patch for this critical issue.
Mitigation and Recommendations
Given the critical nature of this vulnerability and the lack of an official patch, organizations using Zyxel CPE devices should take immediate action:
- Network Monitoring: Filter and monitor traffic for unusual telnet requests targeting Zyxel CPE management interfaces.
- Access Restrictions: Limit administrative interface access to trusted IP addresses only.
- Disable Remote Management: Turn off unused remote management features to reduce attack surfaces.
- Patch Readiness: Regularly check Zyxel’s security advisories for updates and apply patches or mitigations as soon as they are released.
- Device Lifecycle Management: Cease using devices that have reached their end-of-life support period.
Organizations relying on Zyxel CPE devices must act swiftly to mitigate risks while awaiting a formal patch from the vendor.
Cybersecurity experts recommend continuous monitoring and strict access controls to safeguard against potential attacks stemming from this zero-day flaw.
#Cyber_Security #Cyber_Security_News #Vulnerability #Zero-Day #cyber_security #cyber_security_news #vulnerability
Оригинальная версия на сайте:
