← ExploitWatch
HomeExploited Vulnerabilities

CVE-2024-40891 — Actively Exploited: DSL CPE Devices (Zyxel)

Multiple Zyxel DSL CPE devices contain a post-authentication command injection vulnerability in the management commands that could allow an authenticated attacker to execute OS commands via Telnet.

CVE IDCVE-2024-40891
VendorZyxel
ProductDSL CPE Devices
Vulnerability nameZyxel DSL CPE OS Command Injection Vulnerability
Date added2025-02-11
Remediation due2025-03-04
Known ransomware useUnknown
Required actionThe impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization if a current mitigation is unavailable.
DescriptionMultiple Zyxel DSL CPE devices contain a post-authentication command injection vulnerability in the management commands that could allow an authenticated attacker to execute OS commands via Telnet.
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →