CVE-2024-40891β€”Zyxel DSL CPE OS Command Injection Vulnerability

PUBLISHEDvulnerability record
2025-02-11 Β· last modified June 21, 2025

Metadata

CVE ID:
CVE-2024-40891
Project:
Zyxel
Product:
DSL CPE Devices
Date Added:
2025-02-11
Due Date:
2025-03-04
Last Updated:
June 21, 2025

Vulnerability Name

Zyxel DSL CPE OS Command Injection Vulnerability

Description

Multiple Zyxel DSL CPE devices contain a post-authentication command injection vulnerability in the management commands that could allow an authenticated attacker to execute OS commands via Telnet.

Known To Be Used in Ransomware Campaigns?

Ransomware Status:
Unknown

Action

The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization if a current mitigation is unavailable.

Additional Notes

Related News Articles

Related Weaknesses