

Multiple TP-Link Products Vulnerabilities
January 31, 2025
GuLoader Malspam Campaign – Active IOCs
January 31, 2025
Multiple TP-Link Products Vulnerabilities
January 31, 2025
GuLoader Malspam Campaign – Active IOCs
January 31, 2025Severity
High
Analysis Summary
CVE-2024-40890 CVSS:7.2
Zyxel CPE Series could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by a command injection vulnerability. An attacker could exploit this vulnerability to execute arbitrary commands on affected devices, leading to complete system compromise, data exfiltration, or network infiltration.
CVE-2024-40891 CVSS:7.2
Zyxel CPE Series could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by a command injection vulnerability. An attacker could exploit this vulnerability to execute arbitrary commands on affected devices, leading to complete system compromise, data exfiltration, or network infiltration.
Impact
- Gain Access
- Information Theft
Indicators of Compromise
CVE
CVE-2024-40890
CVE-2024-40891
Affected Vendors
- Zyxel
Affected Products
- Zyxel CPE Series devices
Remediation
Refer to Zyxel Website for patch, upgrade, or suggested workaround information.