Zyxel, the Taiwanese manufacturer company, says he has no plans to issue a scale of two weaknesses used actively affecting thousands of potential customers.
Greynoise to caution At the end of last month, a security vulnerability was exploited on the classified zero day that affects the ZYXEL routers actively. Greynoise said that defects allow attackers to carry out arbitrary orders on affected devices, which leads to the completion of system settlement, data disposal or network infiltration.
Vulncheck threats were discovered in July of last year and informed Zyxel the following month, according to Greynoise, but it was not officially corrected or disclosed.
in consultative This week, Zyxel said it was “recently” familiar with weak gaps-which have now been officially followed by Cve-2024-40890 and CVE-2024-40891-which says it affects the end-of-life products.
The company claims that the defects were not reported by Vulncheck and say it was first familiar with it on January 29, after a day of reporting active exploitation.
Zixel, Their devices are used by more than a million companiesHe says that since these errors affect “old products that have reached the end of life (EOL) for years”, they have no plans to issue corrections to repair them. Instead, the company advises customers to replace weak routers with “newer generation products for optimal protection”.
in Tuesday blog postVulncheck notes that the affected devices are not listed on the Zyxel EOL page and say that some of the affected models are still available for purchase through Amazon, which are confirmed by Techcrunch.
“While these systems are older and it seems long for support, it remains greatly relevant because of its continued use around the world and the constant interest of the attackers,” said Jacob Benz, CTO in Volinkik.
according to DanceThe search engine for Internet of Things and Internet Assets remains approximately 1,500 weak online devices.
In the update last week, Greynoise said she noticed that the discovered robots, including Mirai, used one of the weaknesses in Zixel, indicating that it is used in large -scale attacks.
Zyxel Birgitte Larsen spokesman for the multiple request for comment.
