Taiwan’s Zyxel, a hardware manufacturer, has stated that it will not be issuing a patch for two vulnerabilities that are actively exploited and could impact thousands of users.
GreyNoise, a company specializing in threat intelligence, alerted last month to a serious zero-day vulnerability concerning Zyxel routers that is currently under active exploitation. According to GreyNoise, these vulnerabilities enable attackers to run arbitrary commands on compromised devices, potentially resulting in complete system takeovers, data breaches, or unauthorized access to networks.
The vulnerabilities were identified by VulnCheck, a threat intelligence organization, in July of the previous year and subsequently reported to Zyxel the following month. However, as noted by GreyNoise, the issues have not been patched or publicly acknowledged by Zyxel.
In a recent security advisory, Zyxel indicated that it has “recently” become aware of two vulnerabilities now officially listed as CVE-2024-40890 and CVE-2024-40891, impacting several end-of-life products.
The company claims that VulnCheck did not inform them of these vulnerabilities, asserting that they only became aware on January 29, one day after GreyNoise disclosed the active exploitation.
Zyxel, serving over a million businesses, has stated that since these vulnerabilities pertain to “legacy products that have been out of support for years,” it does not plan to develop any patches. Instead, the company recommends customers upgrade to “newer-generation products for enhanced protection.”
In a blog entry published on Tuesday, VulnCheck highlighted that affected devices are not listed on Zyxel’s end-of-life page and noted that some models remain available for purchase on Amazon, a fact confirmed by TechCrunch.
“Although these systems are older and appear to be unsupported, their relevance persists due to ongoing use around the globe and continued interest from malicious actors,” stated Jacob Baines, CTO of VulnCheck.
As reported by Censys, a search engine for IoT devices and internet assets, there are currently nearly 1,500 exposed vulnerable devices accessible over the internet.
Last week, GreyNoise reported that it detected botnets, including Mirai, utilizing one of the Zyxel vulnerabilities, indicating its application in extensive attacks.
TechCrunch has made several attempts to reach Zyxel for commentary, but spokesperson Birgitte Larsen has not yet responded.
Compiled by Techarena.au.
Fanpage: TechArena.au
Watch more about AI – Artificial Intelligence
