PatchSiren

PatchSiren cyber security CVE debrief

CVE-2024-40891 Zyxel CVE debrief

CVE-2024-40891 is a Zyxel DSL CPE OS command injection vulnerability that CISA added to its Known Exploited Vulnerabilities catalog on 2025-02-11. The KEV entry also notes the impacted product may be end-of-life or end-of-service, and that users should discontinue use if no current mitigation is available.

Vendor: Zyxel
Product: DSL CPE Devices
CVSS: Unknown
CISA KEV: Listed
Original CVE published: 2025-02-11
Original CVE updated: 2025-02-11
Advisory published: 2025-02-11
Advisory updated: 2025-02-11

Who should care

Organizations still operating Zyxel DSL CPE devices, especially legacy deployments and service-provider-managed environments. Asset owners, network teams, and vulnerability management teams should treat this as a priority if any affected DSL CPE equipment remains in service.

Technical summary

The available source corpus identifies CVE-2024-40891 as an OS command injection issue in Zyxel DSL CPE devices. CISA's KEV entry links to Zyxel security advisories for certain legacy DSL CPE products and flags the possibility that the impacted product is end-of-life or end-of-service, which can mean no vendor fix will be issued. A KEV listing means CISA has evidence of active exploitation, so this vulnerability should be treated as exploited in the wild rather than as a theoretical finding.

Defensive priority

High. KEV-listed vulnerabilities require prompt attention, and the source material indicates mitigation may be unavailable for some legacy devices. If affected equipment is still deployed, prioritize removal, replacement, or vendor-recommended mitigation.

Recommended defensive actions

  • Identify all Zyxel DSL CPE devices in your environment, including legacy and service-provider-managed assets.
  • Check whether any deployed devices match the affected Zyxel legacy DSL CPE advisories referenced by CISA.
  • If a vendor mitigation is available, apply it immediately and verify exposure reduction.
  • If the device is end-of-life or end-of-service and no mitigation exists, discontinue use and plan replacement.
  • Review perimeter exposure for any internet-facing DSL CPE management interfaces (web, telnet, or SSH administration) and restrict management access to trusted networks where possible.
  • Track this CVE as a KEV item and complete remediation before the CISA due date (2025-03-04 per the KEV entry) if you are subject to federal or internal KEV timelines.
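The inventory-matching and prioritization steps above can be scripted. The following is an added example (not PatchSiren's, CISA's, or Zyxel's code) that triages a device inventory against a KEV-shaped record. The KEV record is a constructed copy of the field names CISA publishes in its KEV JSON feed (cveID, vendorProject, product, dateAdded, dueDate, notes) filled with the values stated in this debrief; the inventory rows, model names such as "example-model-a", the "today" date, and the action labels are constructed sample data and are not an affected-model list from any advisory.

```python
"""Triage a device inventory against a CISA KEV record (added example).

Ranks matched devices so that WAN-exposed, end-of-life units come first,
and reports how many days remain before the KEV due date.
"""
from dataclasses import dataclass
from datetime import date
import csv
import io
import re

# Constructed KEV-style record using only values stated in this debrief.
KEV_RECORD = {
    "cveID": "CVE-2024-40891",
    "vendorProject": "Zyxel",
    "product": "DSL CPE Devices",
    "dateAdded": "2025-02-11",
    "dueDate": "2025-03-04",
    "notes": "Impacted product may be end-of-life/end-of-service.",
}

# Constructed sample inventory; model names are placeholders, not real SKUs.
INVENTORY_CSV = """\
asset_id,vendor,product_family,model,mgmt_wan_exposed,support_status
cpe-001,Zyxel,DSL CPE,example-model-a,yes,end-of-life
cpe-002,Zyxel,DSL CPE,example-model-b,no,supported
sw-010,OtherVendor,Switch,example-switch,yes,supported
cpe-003,ZyXEL,dsl  cpe,example-model-a,yes,end-of-service
"""

# Constructed "today" so the due-date arithmetic is reproducible offline.
TODAY = date(2025, 2, 20)

EOL_STATES = {"end-of-life", "end-of-service", "eol", "eos"}


def _norm(text: str) -> str:
    """Lower-case and collapse whitespace so 'ZyXEL' / 'dsl  cpe' still match."""
    return re.sub(r"\s+", " ", text.strip().lower())


def parse_inventory(csv_text: str) -> list[dict]:
    """Read the inventory CSV into a list of row dicts keyed by header."""
    return list(csv.DictReader(io.StringIO(csv_text)))


def matches_kev(row: dict, kev: dict) -> bool:
    """Vendor must match exactly (normalized); KEV product names are broad
    ('DSL CPE Devices'), so the inventory's product family only needs to be
    a prefix of the KEV product string."""
    if _norm(row["vendor"]) != _norm(kev["vendorProject"]):
        return False
    return _norm(kev["product"]).startswith(_norm(row["product_family"]))


def days_until_due(kev: dict, today: date) -> int:
    """Days left before the KEV required-action due date (negative if overdue)."""
    return (date.fromisoformat(kev["dueDate"]) - today).days


@dataclass
class Finding:
    asset_id: str
    exposed: bool
    eol: bool
    action: str


def triage(rows: list[dict], kev: dict, today: date) -> list[Finding]:
    """Return one Finding per matched device, worst exposure first."""
    findings = []
    for row in rows:
        if not matches_kev(row, kev):
            continue
        exposed = _norm(row["mgmt_wan_exposed"]) == "yes"
        eol = _norm(row["support_status"]) in EOL_STATES
        # EoL/EoS devices have no fix to apply: the KEV guidance is to
        # discontinue use; exposed ones must also be isolated immediately.
        if eol:
            action = "isolate_and_replace" if exposed else "discontinue_and_replace"
        else:
            action = ("apply_vendor_mitigation_and_restrict_mgmt" if exposed
                      else "apply_vendor_mitigation")
        findings.append(Finding(row["asset_id"], exposed, eol, action))
    # Sort: exposed before not exposed, EoL before supported, then by id.
    findings.sort(key=lambda f: (not f.exposed, not f.eol, f.asset_id))
    return findings


if __name__ == "__main__":
    print(f"{KEV_RECORD['cveID']}: {days_until_due(KEV_RECORD, TODAY)} days to due date")
    for f in triage(parse_inventory(INVENTORY_CSV), KEV_RECORD, TODAY):
        print(f"{f.asset_id}: exposed={f.exposed} eol={f.eol} -> {f.action}")
```

Feeding a real export of your asset inventory into `parse_inventory` and the current KEV JSON entry into `triage` gives a ranked worklist; the prefix match on the KEV product string is deliberately loose because CISA's product names are families, not model numbers, so a human still confirms each match against the Zyxel advisory.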

Evidence notes

This debrief is based only on the supplied corpus and official links: CISA KEV lists CVE-2024-40891 with vendor Zyxel, product DSL CPE Devices, date added 2025-02-11, and due date 2025-03-04. The KEV metadata notes that the impacted product could be end-of-life/end-of-service and points to Zyxel security advisories and the NVD record. No additional exploit details, affected model list, or patch status beyond those sources were used.

Official resources

CVE-2024-40891 was publicly disclosed and added to the CISA Known Exploited Vulnerabilities catalog on 2025-02-11. The supplied source corpus references Zyxel security advisories for certain legacy DSL CPE devices and notes the possible end-of-life/end-of-service status of the affected products.