CVE-2024-40891, a command injection vulnerability in Zyxel CPE Series telecommunications devices that has yet to be fixed by the manufacturer, is being targeted by attackers, cybersecurity company Greynoise has warned. Successful exploitation would allow attackers to execute arbitrary commands on affected devices, potentially leading to complete system compromise, network infiltration, and data exfiltration. About CVE-2024-40891 The existence of CVE-2024-40891 was first publicly acknowledged by vulnerability intelligence firm VulnCheck in July 2024 but, nearly six months … More
The post Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891) appeared first on Help Net Security.
This article has been indexed from Help Net Security