The Taiwanese network equipment manufacturer Zyxel said that it does not plan to release software updates for its devices to close two recently discovered vulnerabilities that are being actively exploited by cybercriminals and may affect several thousand customers.
Critical zero-day vulnerabilities in Zyxel routers are being actively exploited by cybercriminals, GreyNoise, a company specializing in threat analysis, said at the end of January. These flaws allow attackers to execute arbitrary commands on devices, which leads to system compromise, data leaks and penetration into the local network. They were discovered by VulnCheck back in July last year, and Zyxel was informed about them in August, but the manufacturer still did nothing.
Only the day before did a message appear on the Zyxel website saying that the company “recently” learned about two vulnerabilities, tracked as CVE-2024-40890 and CVE-2024-40891, which, according to it, affect several products whose support period has expired. According to the Taiwanese manufacturer, VulnCheck did not report anything about these vulnerabilities, and it learned about the problem only in January, when GreyNoise said that they were being actively exploited. The flaws affect “outdated products, the life of which expired many years ago,” Zyxel emphasized, so the company does not intend to release software updates correcting them.
The manufacturer recommended that customers replace the vulnerable routers with “new generation products for optimal protection.” At the same time, VulnCheck pointed out, these devices are not mentioned in the list of end-of-support devices on the Zyxel website, and some of them are still sold on Amazon, from which one can conclude that in practice they remain relevant. Almost 1,500 vulnerable devices are currently reachable over the Internet, according to data from the specialized search engine Censys. Analysis of botnets, including Mirai, showed that one of the vulnerabilities in Zyxel devices is being exploited in practice, and therefore this equipment can be used in large-scale attacks, GreyNoise noted.