
Zyxel zero-day flaw actively being exploited

A critical zero-day vulnerability tracked as CVE-2024-40891 affecting Zyxel CPE Series devices is the target of active exploitation, according to The Hacker News.

Cybersecurity researchers at GreyNoise warned that threat intelligence data indicates attack attempts originating from dozens of IP addresses, primarily from Taiwan, with over 1,500 vulnerable devices detected online. The flaw allows attackers to execute arbitrary commands, potentially leading to full system compromise, data theft, or network infiltration. First reported by VulnCheck in July 2024, the vulnerability remains undisclosed and unpatched. Zyxel has not yet commented on the vulnerability. The flaw is similar to CVE-2024-40890, with the key distinction being that the new vulnerability exploits Telnet instead of HTTP. Researchers recommend filtering traffic for unusual HTTP requests and restricting administrative access to trusted IPs.

Meanwhile, Arctic Wolf has reported unauthorized access campaigns targeting SimpleHelp remote desktop software. Although it is unclear if the attacks exploit recently disclosed SimpleHelp vulnerabilities, security experts urge organizations to update affected software to mitigate risks.
