ACTIVELY EXPLOITED3 sources verified·1 min read
By Lyrie Threat Intelligence·2/11/2025
CVE-2024-40891 added to CISA KEV: Zyxel DSL CPE Devices
Status: ✅ Confirmed exploited in the wild
Date added: 2025-02-11
Required action: The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization if a current mitigation is unavailable.
Due date: 2025-03-04
Why this matters
Multiple Zyxel DSL CPE devices contain a post-authentication command injection vulnerability in the management commands that could allow an authenticated attacker to execute OS commands via Telnet.
Sources
Lyrie Verdict
Lyrie's autonomous detection layer catches active exploitation primitives at machine speed — closing the gap between disclosure and weaponization that traditional defense simply can't cover.