CVE-2024-40891

8.8 HIGH CISA KEV

📋 TL;DR

This is a post-authentication command injection vulnerability in Zyxel VMG4325-B10A DSL CPE devices. An authenticated attacker can execute arbitrary operating system commands via Telnet, potentially taking full control of affected devices. Only legacy devices running specific firmware are affected.

💻 Affected Systems

Products:
  • Zyxel VMG4325-B10A
Versions: Firmware version 1.00(AAFR.4)C0_20170615
Operating Systems: Embedded Linux on Zyxel CPE
Default Config Vulnerable: ⚠️ Yes
Notes: Legacy device no longer supported by vendor. Requires Telnet access and valid credentials.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete device compromise allowing the attacker to install persistent malware, pivot to internal networks, intercept or modify traffic, or use the device as a botnet node.

🟠 Likely Case

An attacker with valid credentials gains shell access to execute commands, potentially stealing credentials, modifying configurations, or disrupting services.

🟢 If Mitigated

With proper network segmentation and access controls, impact is limited to an isolated device with minimal business impact.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires authentication via Telnet. Listed in CISA Known Exploited Vulnerabilities catalog.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: No patch available - device is end-of-life/unsupported

Vendor Advisory: https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-insecure-default-credentials-vulnerabilities-in-certain-legacy-dsl-cpe-02-04-2025

Restart Required: No

Instructions:

1. Review the vendor advisory.
2. Replace affected devices with supported models.
3. No firmware patch is available for this legacy device.

🔧 Temporary Workarounds

Disable Telnet Service

Disable Telnet access to remove the exploitation vector. The commands below are generic CLI syntax and must be adapted to the Zyxel CPE's own web interface or CLI, which may not expose an equivalent command.

telnet disable
no telnet server enable

Restrict Network Access

Limit Telnet access to trusted management networks only. The example below uses IOS-style access-list syntax; on the Zyxel CPE, apply the equivalent remote-management or firewall rule.

access-list 10 permit 192.168.1.0 0.0.0.255
line vty 0 4
 access-class 10 in

🧯 If You Can't Patch

  • Replace affected devices with supported models
  • Implement network segmentation to isolate vulnerable devices

🔍 How to Verify

Check if Vulnerable:

Check device firmware version via web interface or CLI: show version

Check Version:

show version

Verify Fix Applied:

Verify Telnet service is disabled: show running-config | include telnet

📡 Detection & Monitoring

Log Indicators:

  • Telnet authentication logs from unusual IPs
  • Command execution patterns in system logs
  • Multiple failed authentication attempts

Network Indicators:

  • Telnet connections to device management interface
  • Unusual outbound connections from device

SIEM Query:

source="device_logs" AND (event="telnet" OR event="authentication") AND (src_ip NOT IN [trusted_management_ips])
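The SIEM query above, expressed as runnable detection logic. This is an added example, not code from this page or from Zyxel: it runs over constructed syslog-style lines (the format is assumed, not real Zyxel output), flags Telnet authentication events from sources outside the trusted management network, and separately reports sources with repeated failed logins.

```python
import ipaddress
import re
from collections import Counter

# Trusted management network (assumed; mirrors the 192.168.1.0/24 ACL example above)
TRUSTED_MGMT = [ipaddress.ip_network("192.168.1.0/24")]

# Constructed sample log lines in a generic syslog-like format (not real Zyxel output)
SAMPLE_LOGS = """\
Jan 12 10:01:02 cpe telnetd: login success user=admin src=192.168.1.10
Jan 12 10:05:44 cpe telnetd: login failed user=admin src=203.0.113.7
Jan 12 10:05:49 cpe telnetd: login failed user=admin src=203.0.113.7
Jan 12 10:05:55 cpe telnetd: login failed user=admin src=203.0.113.7
Jan 12 10:06:10 cpe telnetd: login success user=admin src=203.0.113.7
Jan 12 10:07:00 cpe httpd: login success user=admin src=192.168.1.10
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]+) \S+ (?P<svc>\w+): login (?P<result>success|failed) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def is_trusted(ip: str) -> bool:
    """True if the source address lies inside a trusted management network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_MGMT)


def analyze(log_text: str, fail_threshold: int = 3) -> dict:
    """Return Telnet auth events from untrusted sources and sources with repeated failures."""
    untrusted_events = []
    failures = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["svc"] != "telnetd":  # only the Telnet service is in scope
            continue
        if not is_trusted(m["src"]):
            untrusted_events.append((m["ts"], m["result"], m["user"], m["src"]))
        if m["result"] == "failed":
            failures[m["src"]] += 1
    repeated = sorted(ip for ip, n in failures.items() if n >= fail_threshold)
    return {"untrusted_telnet": untrusted_events, "repeated_failures": repeated}


if __name__ == "__main__":
    for key, value in analyze(SAMPLE_LOGS).items():
        print(key, value)
```

A successful Telnet login from an untrusted source that follows a run of failures, as in the sample, is the pattern worth alerting on first.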
