Taiwanese hardware manufacturer Zyxel said he had no plans to release a patch for two actively exploited vulnerabilities that affect potential thousands of customers.
Threatening startup of intelligence greynoise warned Late last month that a critical rated zero-day weakness affecting Zyxel routers was actively exploited. Greynoise said the flaws allow attacks to conduct unjust commands on the affected devices, leading to the complete compromise of the system, data exfile, or network infiltration.
The vulnerabilities were discovered by the threat of VulNcheck's threat organization in July last year and reported to Zyxel next month, according to Greynoise, but have not been -pched or formally disclosed by the manufacturer.
In a Advisory This week, Zyxel said that “recently” became aware of two weaknesses-formally monitored as CVE-201in
The company says the flaws were not reported here by VulNcheck and said they first learned of them on January 29, one day after Greynoise reported active exploitation.
Zyxel, that devices are used by more than 1 million businessessays that because these bugs affect “legacy products that reach end-of-life [EOL] For years ”it has no plans to release patches to fix them. Instead, the company advises customers to replace weak routers with “newer generation products for optimal protection.”
“While these systems are older and seemingly long -term support, they remain completely relevant because of their continued use around the world and the long interest from the attacks,” Jacob Baines, CTO told VulNcheck.
According to Cens.
In an update last week, Greynoise said it noticed the detected botnets, including Mirai, who took advantage of one of the vulnerabilities in Zyxel, suggesting it was used in major attacks.
Zyxel spokesman Birgitte Larsen did not respond to many techcrunch requests for the comment.
