Insecure Default Credentials Affecting Zyxel DSL CPE Firmware
CVE-2025-0890

9.8 CRITICAL

Key Information:

Vendor: Zyxel
CVE Published: 4 February 2025

What is CVE-2025-0890?

CVE-2025-0890 is a security vulnerability identified in Zyxel's DSL CPE firmware, specifically related to the legacy model VMG4325-B10A. This firmware is integral for managing DSL connections, facilitating internet access for various environments. The vulnerability stems from insecure default credentials associated with the Telnet functionality. If an organization fails to change these default credentials, it opens the door for attackers to gain unauthorized access to the management interface, potentially compromising the network and data integrity.

Technical Details

The vulnerability exists within the management framework of the DSL CPE firmware, where the default Telnet credentials are not sufficiently secure. Administrators have the option to modify these settings, but neglecting to do so results in an easy point of entry for malicious actors. The issue is tagged "unsupported when assigned", meaning the affected product was already out of vendor support when the CVE ID was assigned, and it lacks a current patch from the vendor.

Potential Impact of CVE-2025-0890

  1. Unauthorized Access: Attackers could exploit the insecure default credentials to gain unauthorized administrative access to the device, allowing them to manipulate settings or deploy malicious software within the network.

  2. Network Compromise: With control over the device, an attacker could disrupt service, reroute traffic, or launch further attacks against internal systems, potentially leading to wider network vulnerabilities or failures.

  3. Data Breaches: Gaining access to the management interface increases the risk of sensitive data exposure. Attackers may intercept communications or extract confidential information stored on the network, leading to significant reputational and financial damage for the organization.

Affected Version(s)

VMG4325-B10A firmware <= 1.00(AAFR.4)C0_20170615
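
An inventory check against the affected range above, as an added example that is not part of the advisory or any Zyxel tooling. The inventory records are constructed, and the ordering of firmware strings (release, patch number in parentheses, C-number, then build date) is an assumption about the version format.

```python
import re

AFFECTED_MODEL = "VMG4325-B10A"
LAST_AFFECTED = "1.00(AAFR.4)C0_20170615"  # upper bound stated in the advisory

# Assumed layout: [V]<major>.<minor>(<code>.<patch>)C<n>[_<YYYYMMDD>]
FW_RE = re.compile(r"^V?(\d+)\.(\d+)\(([A-Z]{4})\.(\d+)\)C(\d+)(?:_(\d{8}))?$")

def parse_firmware(text):
    """Return (product_code, sort_key) or raise ValueError."""
    m = FW_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised firmware string: {text!r}")
    major, minor, code, patch, c_num, date = m.groups()
    # A missing build date sorts lowest, so such builds are treated as affected.
    return code, (int(major), int(minor), int(patch), int(c_num), date or "")

def is_affected(model, firmware):
    """True if the device is the listed model at or below the last affected build."""
    if model.strip().upper() != AFFECTED_MODEL:
        return False
    code, key = parse_firmware(firmware)
    limit_code, limit_key = parse_firmware(LAST_AFFECTED)
    if code != limit_code:
        raise ValueError(f"unexpected product code {code!r}")
    return key <= limit_key

def audit(inventory):
    """Return (host, finding) pairs for devices that need attention."""
    findings = []
    for dev in inventory:
        try:
            hit = is_affected(dev["model"], dev["firmware"])
        except ValueError:
            # Unknown version on the affected model: do not assume it is safe.
            findings.append((dev["host"], "firmware not parsed, check manually"))
            continue
        if hit:
            state = "enabled" if dev["telnet"] else "disabled"
            findings.append((dev["host"], f"affected build, Telnet {state}"))
    return findings

# Constructed inventory; firmware strings other than the advisory's are made up.
INVENTORY = [
    {"host": "cpe-01", "model": "VMG4325-B10A", "firmware": "1.00(AAFR.4)C0_20170615", "telnet": True},
    {"host": "cpe-02", "model": "vmg4325-b10a", "firmware": "V1.00(AAFR.3)C0", "telnet": False},
    {"host": "cpe-03", "model": "VMG4325-B10A", "firmware": "1.00(AAFR.5)C0_20180101", "telnet": True},
    {"host": "cpe-04", "model": "VMG4325-B10A", "firmware": "unknown", "telnet": True},
]
```

Calling `audit(INVENTORY)` lists cpe-01 and cpe-02 as affected builds and cpe-04 for manual review; cpe-03 carries the made-up later build and is not reported.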

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
