Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
According to Zyxel, Taiwanese hardware manufacturer, Zyxel does not plan to release a repair for two actively exploited vulnerabilities that potentially affect thousands of customers.
Threat to intelligence start Greynoise warned At the end of last month, Zyxel routers were actively exploited by a critical zero -day vulnerability. According to Greynoise, errors allow attackers to execute any commands on the affected devices, resulting in compromise on the entire system, data selection or network infiltration.
According to Greynoise, Vulncheck’s threatening intelligence organization was discovered by Vulncheck last July and announced it next month, but has not yet been repaired or formally disclosed by the manufacturer.
One consultant This week, Zyxel said that it was “recently” acknowledged the two vulnerabilities, which are officially followed by CVE-2024-40890 and CVE-2024-40891, which affects multiple life products.
The company claims that the bugs have not been reported by Vulncheck and claims that it first reported on January 29, one day after Greynoise was active exploitation.
Zyxel, whose assets are used by over one million businessesHe says that since these errors “affect old products that have reached the end of life (EOL) for years”, they do not plan to issue repairs for repair. Instead, the company advises customers to replace vulnerable routers with “newer generation products for optimal protection”.
-In Blog post on TuesdayVulncheck notes that the tools concerned are not on the Zyxel Eol page and says that some of the affected models can still be purchased via Amazon, which has been confirmed by Techcrunch.
“Although these systems are older and seemingly long support, they continue to be relevant because of their worldwide use and attackers’ long -term interest,” said Jacob Baines, CTO at Vulncheck.
According to CensysThe Internet tools and the search engine of the Internet devices, almost 1,500 vulnerable devices are left out for the Internet.
In last week’s upgrade, Greynoise said he had observed that he had noticed the botnets, including Mirai, and exploit Zyxel’s vulnerability, suggesting that he is used in large-scale attacks.
Zyxel spokesman Birgitte Larsen did not respond to Techcrunch’s multiple comments.
