⚠ Actively exploited
Added to CISA KEV on 2025-02-11. Federal agencies required to patch by 2025-03-04. Required action: The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization if a current mitigation is unavailable..
CVE-2024-40891
Severity
8.8HIGH
EPSS
53.1%
top 2.04%
CISA KEV
KEV
Added 2025-02-11
Due 2025-03-04
Exploit
No known exploits
Affected products
Timeline
PublishedFeb 4
KEV addedFeb 11
Latest updateFeb 24
KEV dueMar 4
CISA Required Action: The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization if a current mitigation is unavailable.
Description
**UNSUPPORTED WHEN ASSIGNED**
A post-authentication command injection vulnerability in the management commands of the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an authenticated attacker to execute operating system (OS) commands on an affected device via Telnet.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9
Affected Packages1 packages
🔴Vulnerability Details
3GHSA▶
GHSA-pm4h-579g-cgqq: **UNSUPPORTED WHEN ASSIGNED**
A post-authentication command injection vulnerability in the management commands of the legacy DSL CPE Zyxel VMG4325-B10↗2025-02-04
CVEList▶
CVE-2024-40891: **UNSUPPORTED WHEN ASSIGNED**
A post-authentication command injection vulnerability in the management commands of the legacy DSL CPE Zyxel VMG4325-B10↗2025-02-04
🔍Detection Rules
1Suricata▶
ET EXPLOIT Zyxel runCommandInShell Telnet Service Command Injection Attempt (CVE-2024-40891)↗2025-02-24