Unpatched Zyxel CPE Zero-Day Pummeled by Cyberattackers

VulnCheck initially disclosed the critical command-injection vulnerability (CVE-2024-40891) six months ago, but Zyxel has yet to mention its existence or offer users a patch to mitigate threats.