🔴 CVE-2024-40890

Post-authentication OS command injection in the CGI program of the legacy Zyxel VMG4325-B10A DSL router (CPE) allows an authenticated attacker to execute arbitrary OS commands via a crafted HTTP POST request. The device is end-of-life, commonly internet-facing, and listed in CISA's KEV catalog, indicating active exploitation.

Risk Level: HIGH_RISK
CVSS Score: 8.8
Attack Vector: NETWORK
ATT&CK Tactic: Initial Access
ATT&CK Technique: T1190 — Exploit Public-Facing Application
Deployment Risk: HIGH
Ransomware: No

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2025-02-04

Added to CISA KEV: 2025-02-11 (7 days between CVE publication and KEV listing)

🎯 Recommendations:

🔍 Web Intelligence (Kagi · 2026-06-04)

CVE-2024-40890 is a security vulnerability affecting specific legacy Zyxel DSL customer premises equipment (CPE) routers [1] [3].

Vulnerability Overview
  • Type: Post-authentication OS command injection [1].
  • Mechanism: The flaw is in the CGI program of the affected firmware, which passes attacker-controlled input from an HTTP POST request into an OS command. An authenticated attacker can therefore execute arbitrary operating system commands by sending a crafted POST request to the device's web interface [1] [2].
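The bug class behind this CVE is a CGI handler that splices a POST field into a shell command. The page does not publish the affected CGI endpoint or parameter, so the example below is an added illustration, not Zyxel's code: it assumes a hypothetical diagnostic "ping" CGI with a `host` field, shows the vulnerable string-building pattern next to a hardened version (strict allowlist, no shell, argv passed straight to `execvp`), and uses a constructed injection payload as input.

```c
/*
 * Added example: vulnerable vs hardened CGI command handling.
 * Not Zyxel's code. The "host" POST field and the ping CGI are
 * hypothetical; CVE-2024-40890's actual parameter is not on this page.
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <unistd.h>
#include <sys/wait.h>

/* --- Vulnerable pattern: POST field spliced into a shell command line ---
 * Returns 0 and fills `out` with the string a handler like this would pass
 * to system()/popen(). snprintf prevents the overflow, not the injection:
 * any shell metacharacter in `host` (; | ` $( )) becomes part of the command. */
int build_ping_cmd_vulnerable(const char *host, char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "ping -c 3 %s", host);
    return (n >= 0 && (size_t)n < outlen) ? 0 : -1;
}

/* --- Hardened pattern, step 1: strict allowlist on the input ---
 * Hostname/IPv4 characters only, bounded length, and no leading '-' so the
 * value can never be parsed as a ping option. Returns 1 if safe, else 0. */
int is_safe_host(const char *host)
{
    size_t len = strlen(host);
    if (len == 0 || len > 253) return 0;
    if (host[0] == '-') return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)host[i];
        if (!(isalnum(c) || c == '.' || c == '-')) return 0;
    }
    return 1;
}

/* --- Hardened pattern, step 2: no shell at all ---
 * argv goes directly to execvp, so the kernel never sees a command line and
 * metacharacters are just bytes in one argument. Returns the child's exit
 * status, or -1 if the input was refused or the child could not be run. */
int run_ping_hardened(const char *host)
{
    if (!is_safe_host(host)) return -1;      /* refuse before forking */
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        char *const argv[] = { "ping", "-c", "3", (char *)host, NULL };
        execvp("ping", argv);
        _exit(127);                          /* exec failed */
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed payload of the kind a crafted POST body would carry. */
    const char *payload = "127.0.0.1; cat /etc/passwd";
    char cmd[256];

    if (build_ping_cmd_vulnerable(payload, cmd, sizeof cmd) == 0)
        printf("vulnerable handler would run: %s\n", cmd);   /* not executed here */

    printf("hardened handler accepts payload? %s\n",
           is_safe_host(payload) ? "yes" : "no");
    printf("hardened handler result for payload: %d\n", run_ping_hardened(payload));
    return 0;
}
```

The point is that the allowlist and the shell-free exec are independent layers: the allowlist is the defence the original code lacked, and `execvp` with a fixed argv means that even an allowlist bug cannot turn one field into a second command.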
Exploitation and Impact
  • Active Exploitation: The vulnerability is reported to be actively exploited in the wild and has been included in CISA’s Known Exploited Vulnerabilities (KEV) catalog [3].
  • Requirements: Exploitation requires the attacker to be authenticated to the device [1].
  • Impact: Successful exploitation allows for full command execution on the router. This can lead to complete system compromise, enabling attackers to access sensitive information, modify system files, disrupt operations, and facilitate lateral movement within the network [2] [3].
Affected Products and Mitigation
  • Affected Versions: The vulnerability specifically impacts the legacy Zyxel VMG4325-B10A and VMG1312-B10A models running firmware version `1.00(AAFR.4)C0_20170615` [1] [3].
  • Status: The NVD entry is tagged "UNSUPPORTED WHEN ASSIGNED", meaning the product was already end-of-life (EOL) when the CVE was assigned and no vendor fix is expected [1] [4]. Because the flaw cannot be patched, the advised mitigation is to replace the hardware; until replacement, keep the web administration interface off the WAN, restrict management access to trusted networks, and change default or weak credentials, since exploitation requires authentication.

Sources

  1. CVE-2024-40890 Detail - NVD

    **UNSUPPORTED WHEN ASSIGNED** A post-authentication command injection vulnerability in the CGI program of the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 …

  2. CVE-2024-40890 - Exploits & Severity - Feedly

    CVE Id: CVE-2024-40890. Release Date: 2025-02-07. Update Date: 2025-02-07. Description: **UNSUPPORTED WHEN ASSIGNED** A post-authentication command injection vulnerability in the CGI program of the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an authenticated a…

  3. CVE-2024-40890: Zyxel VMG1312-B10A Firmware RCE Flaw

    CVE-2024-40890 is a remote code execution vulnerability in Zyxel VMG1312-B10A Firmware. Learn about its impact, affected versions, and mitigation methods. Critical Impact. This vulnerability is actively being exploited in the wild and has been added to CISA's Known Exploited Vulnerabilities (KEV) cat…

  4. CVE-2024-40890 - GitHub Advisory Database

    A post-authentication command injection vulnerability in the CGI program of the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an authenticated attacker to execute operating system (OS) commands on an affected device by sending a crafted HTTP POST request. …