Zero-Day Vulnerability Under Active Attack Threatens Thousands of Zyxel Devices

Critical Zero-Day Vulnerability Threatens Zyxel CPE Devices

Security researchers have identified active exploitation of a critical zero-day vulnerability (CVE-2024-40891) affecting Zyxel CPE Series devices. The flaw enables attackers to execute unauthorized commands, potentially leading to system compromise and data theft.

Key Points:
– Over 1,500 vulnerable devices are currently exposed online
– Majority of attack attempts originate from Taiwan
– The vulnerability allows unauthenticated command execution via Telnet
– Related to CVE-2024-40890, which operates via HTTP

Security Recommendations:
1. Filter suspicious HTTP requests to Zyxel CPE management interfaces
2. Limit administrative interface access to trusted IP addresses
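The second recommendation, restricting management-interface access to trusted addresses, is easy to state and easy to get wrong at the edges. The following added example (not code from the article, Zyxel, or any vendor) reviews constructed firewall log lines for Telnet and HTTP/HTTPS connections to CPE management ports and flags every source outside a trusted allowlist. The log format, the `TRUSTED_NETWORKS` list, the management port set and all addresses are assumptions for the example; the accepted hits it reports are exactly the enforcement gaps an operator would want to close.

```python
"""Check firewall/access logs for management-plane access to CPE devices
from sources outside a trusted allowlist (constructed sample data)."""
import ipaddress
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# Ports on which CPE management interfaces are typically reachable.
# Assumption for this example; adjust to the interfaces you actually expose.
MANAGEMENT_PORTS = {23: "telnet", 80: "http", 443: "https"}

# Trusted administrative networks (constructed; replace with your own ranges).
TRUSTED_NETWORKS = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("198.51.100.10/32"),
]

# Assumed log line shape: "<ts> src=<ip> dst=<ip> dport=<n> proto=<p> action=<a>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) "
    r"dport=(?P<dport>\d+) proto=(?P<proto>\w+) action=(?P<action>\w+)$"
)


@dataclass(frozen=True)
class Finding:
    ts: str
    src: str
    dst: str
    service: str   # telnet / http / https
    action: str    # what the firewall did: accept or drop


def is_trusted(src: str) -> bool:
    """True when the source address falls inside any trusted network."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in TRUSTED_NETWORKS)


def parse_line(line: str) -> Optional[dict]:
    """Parse one log line; return None for lines that do not match the format."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def review(lines: Iterable[str]) -> List[Finding]:
    """Return every management-port connection from an untrusted source."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue                      # malformed line: skip, do not crash
        dport = int(rec["dport"])
        if dport not in MANAGEMENT_PORTS:
            continue                      # not a management service
        if is_trusted(rec["src"]):
            continue                      # allowed by policy
        findings.append(Finding(rec["ts"], rec["src"], rec["dst"],
                                MANAGEMENT_PORTS[dport], rec["action"]))
    return findings


def enforcement_gaps(findings: List[Finding]) -> List[Finding]:
    """Untrusted sources that were *accepted*: the allowlist is not enforced there."""
    return [f for f in findings if f.action == "accept"]


def summarize(findings: List[Finding]) -> List[Tuple[str, int]]:
    """Count untrusted management-plane hits per source IP, most active first."""
    counts = {}
    for f in findings:
        counts[f.src] = counts.get(f.src, 0) + 1
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


# Constructed sample log: documentation address ranges only.
SAMPLE_LOG = [
    "2025-01-28T10:00:01Z src=192.0.2.15 dst=198.51.100.20 dport=23 proto=tcp action=accept",
    "2025-01-28T10:00:05Z src=203.0.113.7 dst=198.51.100.20 dport=23 proto=tcp action=accept",
    "2025-01-28T10:00:09Z src=203.0.113.7 dst=198.51.100.21 dport=80 proto=tcp action=accept",
    "2025-01-28T10:00:12Z src=203.0.113.9 dst=198.51.100.20 dport=443 proto=tcp action=drop",
    "2025-01-28T10:00:15Z src=203.0.113.9 dst=198.51.100.20 dport=53 proto=udp action=accept",
    "this line is malformed and must be skipped",
    "2025-01-28T10:00:20Z src=198.51.100.10 dst=198.51.100.21 dport=80 proto=tcp action=accept",
]

if __name__ == "__main__":
    hits = review(SAMPLE_LOG)
    for f in hits:
        print(f"{f.ts} {f.src} -> {f.dst} {f.service} ({f.action})")
    print("per-source counts:", summarize(hits))
    print("accepted from untrusted sources:", len(enforcement_gaps(hits)))
```

Run against real export data, the `enforcement_gaps` list is the actionable output: each entry is a management session the firewall let through from outside the allowlist, which the second recommendation says should not happen. Dropped hits still belong in the report, since repeated attempts against Telnet on a CPE are exactly the traffic pattern the article describes.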

SimpleHelp Remote Desktop Campaign
In a separate but noteworthy development, Arctic Wolf detected unauthorized access attempts to SimpleHelp remote desktop software beginning January 22, 2025. The campaign involves:
– Exploitation of recent security vulnerabilities (CVE-2024-57726, CVE-2024-57727 and CVE-2024-57728)
– Communication with unauthorized SimpleHelp servers
– Account enumeration and domain information gathering

Organizations using SimpleHelp software are urged to update to the latest patched versions to mitigate these security risks.