When a security problem appears in a router, it is essential to correct it as soon as possible. If it is not done correctly, that device is unprotected. This can lead to an intruder to access the network, loss of functionality and continuous errors. Now, Zyxel has announced that some failures that have recently exploited and that affect some old models will not correct.
These are two failures that discovered last July, so it is not about recent vulnerabilities. However, it has been now, a few days ago, when, by Greynoise, they have reported that they have detected the exploitation of these failures. Therefore, there are many devices that are exposed on the network.
Exposed Zyxel devices
It is estimated that there may be more than 1500 devices of the Zyxel CPE series, currently exposed on the Internet. Computer pirates have a significant amount of devices that can explode and get control. Specifically, there are two vulnerabilities that will not receive patches.
The first failure has been registered as CVE-2024-40891. In this case, users who are authenticated can exploit Telnet command injection. They take advantage of an existing failure, which affects the validation of commands in Libcms_cli.so. Basically, it allows the execution of arbitrary code through Shell commands.
The second vulnerability has been registered as CVE-2025-0890. This time, they take advantage of the devices that use default and weak access credentials, such as admin, 1234 and the like. This allows the attacker to explode this failure, obtain high privileges and have total access to the system.
On the part of Vulcheck, they have used an exploit to demonstrate how these vulnerabilities can be attacked. They have done it against VMG4325-B10A, with the firmware 1.00 version (AAFR.4) C0_20170615 installed.
There is no solution
They are old devices, but that does not mean that they are not used. In fact, researchers indicate that these devices are present in networks around the world. There are many possible victims who could be affected by this problem and see how their networks are exposed to Intruders.
The solution they give from Zyxel, is simply replacing the affected devices. They have confirmed that these vulnerabilities will not correct, so there will be no patches available for affected firmware versions. Those who continue using these devices will be at risk on the Internet.
Zyxel has confirmed that the affected devices are the following: VMG1312-B10A, VMG1312-B10B, VMG1312-B10E, VMG3312-B10A, VMG3313-B10A, VMG3926-B10B, VMG4325-B10A, VMG4380-B10A, VMG8324-B10A, -B10A , SBG3300 and SBG3500. They are all old devices, which arrived at the end of their useful life. However, they are still used by many, so they are exposed in the network to possible attacks.
In short, if you have any of these mentioned products, Zyxel has announced that he will not launch updates. Therefore, the only way to be sure on the network, and to avoid very varied attacks, is to replace those devices with more new ones, which do receive patches when necessary. Updating the router is key, but it will not always be possible.
