Ongoing attacks against end-of-life Zyxel CPE Series routers affected by CVE-2024-40891 and CVE-2025-0890, vulnerabilities that could be leveraged for code execution, have prompted Zyxel to recommend immediate upgrades to newer devices, as it warned that it will no longer address the actively exploited bugs, BleepingComputer reports. The affected CPE Series router models include VMG1312-B10A, VMG1312-B10B, VMG1312-B10E, VMG3312-B10A, VMG3313-B10A, VMG3926-B10B, VMG4325-B10A, VMG4380-B10A, VMG8324-B10A, VMG8924-B10A, SBG3300, and SBG3500, according to Zyxel, which cited reporting from VulnCheck (which identified the flaws in July) while disclosing another post-authentication command injection flaw, tracked as CVE-2024-40890. "While these systems are older and seemingly long out of support, they remain highly relevant due to their continued use worldwide and the sustained interest from attackers. The fact that attackers are still actively exploiting these routers underscores the need for attention, as understanding real-world attacks is critical to effective security research," said VulnCheck.
Actively exploited Zyxel router bugs require immediate model upgrades