Today CISA added two OS command injection vulnerabilities in the Zyxel VMG4325-B10A wireless N VDSL2 bonding combo WAN Gigabit gateway. These vulnerabilities were previously reported by Zyxel on February 4th, 2025. Zyxel reports that the affected products are end-of-life (and have been for a while) and no fix is planned. The vulnerabilities were reported to Zyxel last year by VulnCheck and GreyNoise.
Since the affected products are EOL, CISA directs federal agencies to “discontinue product utilization if a current mitigation is unavailable.” A deadline of March 4th, 2025 has been established for agencies to stop using the affected products.