Zyxel Router Users Urged to Replace Devices Due to Exploitable Flaw

Zyxel has confirmed that it will not issue patches for a command injection vulnerability (CVE-2024-40891) affecting its EOL CPE Series routers. Meanwhile, Netgear has released fixes for critical vulnerabilities in its wireless access points and Nighthawk WiFi Pro Gaming router models.

The affected Zyxel models, including VMG1312-B10A, VMG3312-B10A, and others, are “legacy products that have reached end-of-life (EOL) for years.” Users who obtained their devices through an internet service provider (ISP) should contact the ISP for support. Zyxel has acknowledged that VulnCheck researcher Jacob Baines reported the vulnerability but claimed it was not informed about other vulnerabilities until after the public disclosure.

In contrast, Netgear has issued patches for critical flaws in its routers and WiFi access points, including unauthenticated remote code execution on certain models and authentication bypass on others. While there is no mention of active exploitation, the company strongly recommends downloading the latest firmware as soon as possible.

Source: https://www.helpnetsecurity.com/2025/02/05/swap-eol-zyxel-routers-upgrade-netgear-ones-patches-cve-2024-40891