Zyxel says it won’t patch security flaws in its old routers
Posted by:
John Harrison
Security researchers have issued a warning about two vulnerabilities in Zyxel routers being exploited in the wild. Although Zyxel has confirmed the flaws, they won’t be releasing patches as the devices are no longer supported. The identified vulnerabilities, CVE-2024-40891 and CVE-2025-0890, include command validation issues and weak default credentials. Zyxel recommends users upgrade to newer models for better security. The attack surface is significant, with over 1,500 Zyxel devices exposed to the internet. Despite being outdated, these routers remain a target for attackers, emphasizing the need for heightened security measures.
Recent Posts1
