Zyxel Drops the Ball: No Patches for Exploited Legacy Devices – Time for an Upgrade!
Zyxel won’t patch two zero-days affecting legacy DSL CPE products, leaving over 1,500 devices susceptible to a Mirai-based botnet attack. The vulnerabilities, CVE-2024-40890 and CVE-2024-40891, exploit command injection flaws. Zyxel recommends replacing these outdated models, possibly with a newer model that doesn’t double as a hacker’s dream.
Hot Take:
Zyxel has decided to do the technological equivalent of letting your old jalopy fall apart in the garage. Why bother patching outdated devices when you can simply advise customers to upgrade? It’s like having a party and telling half your guests they’re not invited because they wore last season’s outfits. Clearly, legacy devices are out, and cybersecurity fashion is in! Watch out for those command injection bugs, they’re so last year!
Key Points:
– Zyxel won’t patch two zero-day vulnerabilities affecting legacy DSL CPE products.
– Over 1,500 devices are affected by a critical command injection bug.
– The vulnerabilities are being exploited by a Mirai-based botnet.
– Exploitation requires compromised credentials due to default-disabled settings.
– Zyxel advises replacing legacy products for better security.