CVE-2024-40891βZyxel DSL CPE OS Command Injection Vulnerability
PUBLISHEDvulnerability record
2025-02-11 Β· last modified June 21, 2025
Metadata
Vulnerability Name
Zyxel DSL CPE OS Command Injection Vulnerability
Description
Multiple Zyxel DSL CPE devices contain a post-authentication command injection vulnerability in the management commands that could allow an authenticated attacker to execute OS commands via Telnet.
Known To Be Used in Ransomware Campaigns?
Action
The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization if a current mitigation is unavailable.