Zyxel has issued a warning about actively exploited vulnerabilities (CVE-2024-40890, CVE-2024-40891, CVE-2025-0890) affecting its multiple products in devices from the CPE series (VMG1312-B10A, VMG1312-B10B, VMG1312-B10E, VMG3312-B10A, VMG3313-B10A, VMG3926-B10B, VMG4325-B10A, VMG4380-B10A, VMG8324-B10A, VMG8924-B10A, SBG3300 и SBG3500) with expired support period. A malicious actor could exploit these vulnerabilities to cause a system crash, execute arbitrary OS commands and bypass an authentication.

The manufacturer stated that it does not plan to release patches and urged users to switch to supported device models.

Source: zyxel.com