Insecure Default Credentials Affecting Zyxel DSL CPE Firmware
CVE-2025-0890

9.8CRITICAL

Key Information:

Vendor: Zyxel
Status: Vmg4325-b10a Firmware
Vendor: CVE Published:; 4 February 2025

Summary

The Zyxel VMG4325-B10A DSL CPE firmware is affected by a vulnerability due to insecure default credentials associated with the Telnet function. This flaw allows unauthorized access to the management interface when the provided default credentials are not modified by administrators. As a result, attackers could exploit this oversight to gain unauthorized control, potentially leading to further compromises in network security. It is crucial for users of this device to ensure that they update the credentials to enhance their device's security.

Affected Version(s)

VMG4325-B10A firmware <= 1.00(AAFR.4)C0_20170615

References

https://www.zyxel.com/global/en/support/security-advisori...

vendor-advisory

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 4, 2025
Vulnerability Reserved
Jan 30, 2025