- Security researchers warn that two zyxel -deficiencies are abused in nature
- The manufacturer confirmed the results but said the units are no longer supported
- Users are advised to migrate to newer models
Zyxel has recognized a number of security issues with some of its most popular routers, but says it will not issue any patch because of the devices reaching their lives.
Security researchers first discovered two vulnerabilities in a number of Zyxel’s Internet -connected devices in the summer of 2024 and warned earlier this month that the deficiencies are exploited in nature.
In a recently released security advice, the Taiwanese networking equipment manufacturer recognized the shortcomings and the fact that they are being abused in nature, but emphasized that the vulnerable units are past their end of life and thus no longer supported. Instead, users must migrate to newer, still supported devices.
Wide attack surface
The two vulnerabilities are traced as CVE-2024-40891 (incorrect command caloring) and CVE-2025-0890 (weak standard information error).
“Zyxel recently became aware that CVE-2024-40890 and CVE-2024-40891 were mentioned in a post on Greynoise’s blog.
In addition, Vulncheck informed us that they will publish the technical details of CVE-20124-40891 and CVE-2025-0890 on their blog. We have confirmed that the affected models reported by Vulncheck, VMG1312-B10A, VMG1312-B10B, VMG1312-B10E, VMG3312-B10A, VMG3313-B10A, VMG3926-B10B, VMG4325-B10A, 5-B10A A, SBG3300 And SBG3500, older products that have reached the end of life (EOL) are for years.
Therefore, we strongly recommend that users replace them with newer generation of products for optimal protection, ”Zyxel said in the counseling.
In his writing, Bleeping computer Says both FOFA and CENSYS show more than 1,500 Zyxel CPE series units exposed to the Internet, suggesting that the attack surface is “significant”. At the same time, Vulncheck also shared a proof-of-concept (POC) against the VMG4325-B10A running firmware version 1.00 (AAFR.4) C0_20170615, which shows that the attack is more than just theoretical.
“While these systems are older and apparently long out of support, they remain very relevant because of their continued use worldwide and the persistent interest from attackers,” Vulncheck said. “The fact that attackers still actively exploit these routers emphasize the need for attention as it is critical to understand the real world attacks for effective security research.”
