Taiwanese hardware manufacturer Zyxel says it has no plans to release a patch for two actively exploited vulnerabilities that potentially affect thousands of customers.
Threat intelligence startup GreyNoise warned late last month that a critical-rated zero-day vulnerability affecting Zyxel routers was being actively exploited. GreyNoise said the flaws allow attackers to execute arbitrary commands on affected devices, leading to full system compromise, data exfiltration or network penetration.
The vulnerabilities were discovered by threat intelligence organization VulnCheck last July and reported to Zyxel the following month, according to GreyNoise, but had not yet been addressed by the manufacturer.
In an advisory this week, Zyxel said it had “recently” become aware of the two vulnerabilities, now formally tracked as CVE-2024-40890 and CVE-2024-40891, which it says affect multiple end-of-life products.
The company claims that the flaws were not reported to it by VulnCheck and says it first learned of them on January 29, the day after GreyNoise reported active exploitation.
Zyxel, whose devices are used by more than 1 million businesses, says that since these bugs affect “old-fashioned products that have reached the end of life [EOL] for years,” it does not plan to release patches to fix them. Instead, the company is advising customers to replace vulnerable routers with “younger generation products for optimal protection.”
In a blog post on Tuesday, VulnCheck notes that the affected devices are not listed on Zyxel’s EOL page and reports that some of the affected models are still available for purchase via Amazon, which TechCrunch confirmed.
“While these systems are larger and seemingly far from support, they remain particularly significant because of their continued use worldwide and constant interest by the attackers,” said Jacob Baines, CTO at VulnCheck.
According to Censys, a search engine for Internet of Things devices and internet assets, almost 1,500 vulnerable devices remain exposed to the internet.
In an update last week, GreyNoise said it had observed botnets, including Mirai, exploiting one of the Zyxel vulnerabilities, suggesting that it is being used in large-scale attacks.
Zyxel spokesperson Birgitte Larsen did not respond to TechCrunch’s multiple requests for comment.