Dataconomy
  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Glossary
    • Whitepapers
  • Newsletter
  • + More
    • Conversations
    • Events
    • About
      • About
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
Subscribe
No Result
View All Result
  • AI
  • Tech
  • Cybersecurity
  • Finance
  • DeFi & Blockchain
  • Startups
  • Gaming
Dataconomy
  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Glossary
    • Whitepapers
  • Newsletter
  • + More
    • Conversations
    • Events
    • About
      • About
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
Subscribe
No Result
View All Result
Dataconomy
No Result
View All Result

If you own these Zyxel devices uninstall them now: No fix is coming

VulnCheck indicated that many of the vulnerable devices are still available for purchase, despite Zyxel's designation of them as legacy products

byKerem Gülen
February 5, 2025
in Cybersecurity, News

Taiwanese hardware maker Zyxel announced that it will not release a patch for two actively exploited vulnerabilities in multiple legacy DSL customer premises equipment (CPE) products. These vulnerabilities, tracked as CVE-2024-40890 and CVE-2024-40891, allow attackers to execute arbitrary commands, leading to potential system compromise and data exfiltration.

Zyxel will not patch critical vulnerabilities in legacy DSL devices

Threat intelligence startup GreyNoise reported in late January that the zero-day vulnerabilities were being actively exploited, including by Mirai-based botnets, suggesting their use in large-scale attacks. Zyxel claims it first became aware of these vulnerabilities on January 29, after GreyNoise’s alert regarding their exploitation.

VulnCheck discovered the vulnerabilities in July 2024 and reported them to Zyxel in August of the same year. However, Zyxel did not disclose the flaws until now, stating that the legacy products impacted have reached end-of-life (EOL) status for several years. The affected models include:

Stay Ahead of the Curve!

Don't miss out on the latest insights, trends, and analysis in the world of data, technology, and startups. Subscribe to our newsletter and get exclusive content delivered straight to your inbox.

  • VMG1312-B10A
  • VMG1312-B10B
  • VMG1312-B10E
  • VMG3312-B10A
  • VMG3313-B10A
  • VMG3926-B10B
  • VMG4325-B10A
  • VMG4380-B10A
  • VMG8324-B10A
  • VMG8924-B10A
  • SBG3300
  • SBG3500

Zyxel further explained that the WAN access and Telnet functions commonly exploited for these vulnerabilities are disabled by default on these devices; however, an attacker would need to log in using compromised credentials to exploit the bugs. The company noted that because support for these models was halted years ago, it will not provide patches for the vulnerabilities.

VulnCheck indicated that many of the vulnerable devices are still available for purchase, despite Zyxel’s designation of them as legacy products. They also highlighted that the devices utilize hardcoded accounts, making them easy targets for exploitation. Approximately 1,500 vulnerable devices remain exposed to the Internet, according to Censys, a search engine for Internet of Things devices.

In addition to the aforementioned vulnerabilities, Zyxel identified a new vulnerability, CVE-2025-0890, which allows attackers to access the management interface using default credentials. Zyxel’s advice to customers is to replace these legacy products with newer-generation equipment for optimal protection.


Featured image credit: Zyxel

Related Posts

ChatGPT reportedly reduces reliance on Reddit as a data source

ChatGPT reportedly reduces reliance on Reddit as a data source

October 3, 2025
Perplexity makes Comet AI browser free, launches background assistant and Chess.com partnership

Perplexity makes Comet AI browser free, launches background assistant and Chess.com partnership

October 3, 2025
Light-powered chip makes AI computation 100 times more efficient

Light-powered chip makes AI computation 100 times more efficient

October 3, 2025
Free and effective anti-robocall tools are now available

Free and effective anti-robocall tools are now available

October 3, 2025
Choosing the right Web3 server: OVHcloud options for startups to enterprises

Choosing the right Web3 server: OVHcloud options for startups to enterprises

October 3, 2025
Z.AI GLM-4.6 boosts context window to 200K tokens

Z.AI GLM-4.6 boosts context window to 200K tokens

October 2, 2025

LATEST NEWS

ChatGPT reportedly reduces reliance on Reddit as a data source

Perplexity makes Comet AI browser free, launches background assistant and Chess.com partnership

Light-powered chip makes AI computation 100 times more efficient

Free and effective anti-robocall tools are now available

Choosing the right Web3 server: OVHcloud options for startups to enterprises

Z.AI GLM-4.6 boosts context window to 200K tokens

Dataconomy

COPYRIGHT © DATACONOMY MEDIA GMBH, ALL RIGHTS RESERVED.

  • About
  • Imprint
  • Contact
  • Legal & Privacy

Follow Us

  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Glossary
    • Whitepapers
  • Newsletter
  • + More
    • Conversations
    • Events
    • About
      • About
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
No Result
View All Result
Subscribe

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy Policy.