CVE-2025-0890
Severity: CRITICAL
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Description
**UNSUPPORTED WHEN ASSIGNED** Insecure default credentials for the Telnet function in the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an attacker to log in to the management interface if the administrators have the option to change the default credentials but fail to do so.
Analysis
UNSUPPORTED WHEN ASSIGNED: insecure default credentials for the Telnet function in the legacy DSL CPE Zyxel VMG4325-B10A, firmware version 1.00(AAFR.4)C0_20170615, could allow an attacker to log in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable over the network, requires no authentication or user interaction, and has low attack complexity. The EPSS exploitation probability is 23.8%, and no vendor patch is available.
Technical Context
This vulnerability is classified as Improper Authentication (CWE-287), a weakness that allows attackers to bypass authentication mechanisms and gain unauthorized access. Here the weakness is insecure default credentials on the Telnet function of the legacy DSL CPE Zyxel VMG4325-B10A (firmware version 1.00(AAFR.4)C0_20170615): an attacker can log in to the management interface when administrators, who have the option to change the default credentials, fail to do so. Affected products include: Zyxel Vmg4325-B10A Firmware, Zyxel Sbg3500-N000 Firmware, Zyxel Vmg1312-B10A Firmware, Zyxel Vmg1312-B10B Firmware, Zyxel Vmg1312-B10E Firmware. Version information: version 1.00.
Affected Products
Zyxel Vmg4325-B10A Firmware, Zyxel Sbg3500-N000 Firmware, Zyxel Vmg1312-B10A Firmware, Zyxel Vmg1312-B10B Firmware, Zyxel Vmg1312-B10E Firmware.
Remediation
No vendor patch is available at the time of analysis, and because the affected firmware is marked UNSUPPORTED WHEN ASSIGNED, a fix from the vendor should not be expected. Monitor vendor advisories for updates. In the meantime, change the default Telnet credentials on every affected device, implement multi-factor authentication where the management interface supports it, enforce strong password policies, and use proven authentication frameworks.