Active Exploitation of Zero-day Zyxel CPE Vulnerability (CVE-2024-40891)
ATT&CK techniques detected
T1190 Exploit Public-Facing Application
98%
"active exploitation of zero-day zyxel cpe vulnerability (cve-2024-40891) 2025-01-29 update after identifying a significant overlap between ips exploiting cve-2024-40891 and those classified as mirai, the team investigated a recent variant of mirai and confirmed th…"
T1190 Exploit Public-Facing Application
78%
"command injection attempts), with the main difference being that the former is telnet-based while the latter is http-based. both vulnerabilities allow unauthenticated attackers to execute arbitrary commands using service accounts (supervisor and/or zyuser). background vu…"
Summary
CVE-2024-40891: Zyxel CPE Zero-day Exploitation. Hackers are actively exploiting a telnet-based command injection vulnerability in Zyxel CPE devices, impacting 1,500+ exposed systems. No patch is available yet.