Zyxel Routers Vulnerable: No More Security Updates Available

Recent developments have highlighted a significant security concern regarding several models of Zyxel routers, which are no longer receiving support or security updates from the manufacturer. As a result, users of these devices are urged to take immediate action to protect their networks.

According to Zyxel, the support for the affected router models has been discontinued for several years, making these devices susceptible to ongoing cyber attacks. The urgency of the situation is exacerbated by current threats, particularly from a Mirai botnet malware that targets these outdated routers.

Network administrators are advised to promptly remove these vulnerable devices from service and replace them with more secure, up-to-date routers. The specific models at risk include:

• VMG1312-B10A
• VMG1312-B10B
• VMG1312-B10E
• VMG3312-B10A
• VMG3313-B10A
• VMG3926-B10B
• VMG4325-B10A
• VMG4380-B10A
• VMG8324-B10A
• VMG8924-B10A
• SBG3300
• SBG3500

Cyber attackers are exploiting vulnerabilities identified in these devices, particularly issues cataloged under CVE-2024-40890, CVE-2024-40891, and CVE-2025-0890, which present high to critical risks. These vulnerabilities can allow unauthorized users to gain access to administrative credentials through insecure default settings, leading to potential full device compromise.

Additionally, attackers can execute commands at the system level, increasing the risk of further malicious activities. Security researchers from VulnCheck have reported that approximately 1,500 of these vulnerable routers are publicly accessible over the internet, heightening the urgency for administrators to act swiftly.

It is noteworthy that some of the affected models may still be available for purchase in retail outlets, further complicating the situation as unknowing users could inadvertently acquire these insecure devices.

In conclusion, network administrators and users are strongly advised to review their router devices and replace any that are on the list of unsupported models to mitigate the risks posed by these known vulnerabilities.