
If you own these Zyxel devices uninstall them now: No fix is coming

VulnCheck indicated that many of the vulnerable devices are still available for purchase, despite Zyxel's designation of them as legacy products

by Kerem Gülen
February 5, 2025
in Cybersecurity, News

Taiwanese hardware maker Zyxel announced that it will not release a patch for two actively exploited vulnerabilities in multiple legacy DSL customer premises equipment (CPE) products. These vulnerabilities, tracked as CVE-2024-40890 and CVE-2024-40891, allow attackers to execute arbitrary commands, leading to potential system compromise and data exfiltration.

Zyxel will not patch critical vulnerabilities in legacy DSL devices

Threat intelligence startup GreyNoise reported in late January that the zero-day vulnerabilities were being actively exploited, including by Mirai-based botnets, suggesting their use in large-scale attacks. Zyxel claims it first became aware of these vulnerabilities on January 29, after GreyNoise’s alert regarding their exploitation.

VulnCheck discovered the vulnerabilities in July 2024 and reported them to Zyxel in August of the same year. However, Zyxel did not disclose the flaws until now, stating that the affected legacy products have been end-of-life (EOL) for several years. The affected models include:

  • VMG1312-B10A
  • VMG1312-B10B
  • VMG1312-B10E
  • VMG3312-B10A
  • VMG3313-B10A
  • VMG3926-B10B
  • VMG4325-B10A
  • VMG4380-B10A
  • VMG8324-B10A
  • VMG8924-B10A
  • SBG3300
  • SBG3500

Zyxel further explained that the WAN access and Telnet functions through which these vulnerabilities are commonly exploited are disabled by default on these devices, and that an attacker would also need to log in using compromised credentials to exploit the bugs. The company noted that because support for these models was halted years ago, it will not provide patches for the vulnerabilities.

VulnCheck indicated that many of the vulnerable devices are still available for purchase, despite Zyxel’s designation of them as legacy products. They also highlighted that the devices utilize hardcoded accounts, making them easy targets for exploitation. Approximately 1,500 vulnerable devices remain exposed to the Internet, according to Censys, a search engine for Internet of Things devices.

In addition to the aforementioned vulnerabilities, Zyxel identified a new vulnerability, CVE-2025-0890, which allows attackers to access the management interface using default credentials. Zyxel’s advice to customers is to replace these legacy products with newer-generation equipment for optimal protection.


Featured image credit: Zyxel
