Zyxel Networks has officially acknowledged severe security vulnerabilities in their legacy CPE (Customer Premises Equipment) devices, with threat actors actively exploiting these weaknesses. In an unprecedented move, the network equipment manufacturer has decided against releasing security patches, instead advising customers to upgrade to newer, supported models.
Critical Security Vulnerabilities Detailed
Security researchers at VulnCheck have identified two high-severity vulnerabilities in July 2024. The first vulnerability, tracked as CVE-2024-40891, enables authenticated users to perform Telnet command injections through the libcms_cli.so component, potentially leading to remote code execution. The second flaw, CVE-2025-0890, involves weak default credentials, including a hidden supervisor account with elevated privileges, presenting significant security risks.
Global Impact Assessment
According to Censys platform data, over 1,500 vulnerable Zyxel CPE devices are currently exposed on the internet. The highest concentration of affected devices has been detected in the Philippines, Turkey, United Kingdom, France, and Italy. Security monitoring firm GreyNoise has already detected active exploitation attempts targeting these vulnerabilities in the wild.
Affected Hardware and Manufacturer’s Response
The security flaws impact multiple VMG and SBG series models, including: VMG1312-B10A/B/E, VMG3312-B10A, VMG3313-B10A, VMG3926-B10B, VMG4325-B10A, VMG4380-B10A, VMG8324-B10A, VMG8924-B10A, SBG3300, and SBG3500. Zyxel has emphasized that these devices have reached end-of-life status and are no longer supported for security updates.
Security Mitigation Strategies
For organizations and individuals using affected devices, security experts recommend implementing immediate risk mitigation measures. These include:
– Immediate replacement of vulnerable devices with current, supported models
– Changing default passwords on all network equipment
– Implementing strict access controls to limit device exposure
– Regularly monitoring network traffic for suspicious activities
– Considering network segmentation to isolate vulnerable devices
This security incident highlights a critical aspect of network infrastructure management: the importance of maintaining current hardware and selecting vendors with strong security support commitments. Organizations continuing to operate legacy network devices face increasing risks as new vulnerabilities emerge without the possibility of remediation through security patches. The situation serves as a compelling reminder that hardware lifecycle management is a crucial component of comprehensive cybersecurity strategy.
