VulnCheck initially disclosed the critical command-injection vulnerability (CVE-2024-40891) six months ago, but Zyxel has yet to mention its existence or offer users a patch to mitigate threats.
Unpatched Zyxel CPE Zero-Day Pummeled by Cyberattackers
