NVD disclosure day

Published threat advisories for February 4, 2025

CVE-2024-40891

Zyxel DSL CPE Command Injection Vulnerability

Halo Surface Signal: 2 out of 5 — less likely to be public-facing.

Certain Zyxel DSL CPE devices have a security vulnerability that allows an authenticated attacker to execute operating system commands via Telnet. This poses a risk of unauthorized access and control over the affected devices. Organizations should identify and address this vulnerability to mitigate potential business i

NVD published: February 4, 2025 • CISA KEV

CVE advisoryKnown Exploit

CVE-2024-40890

Zyxel DSL CPE Command Injection Vulnerability.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A command injection vulnerability exists in certain Zyxel DSL CPE devices, allowing authenticated attackers to execute OS commands. This can lead to device compromise and potential business risk.

NVD published: February 4, 2025 • CISA KEV