Skip to main content

Vmg1312 B10A Firmware

4 CVEs product

Monthly

CVE-2025-0890 CRITICAL Act Now

**UNSUPPORTED WHEN ASSIGNED** Insecure default credentials for the Telnet function in the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an attacker to log in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 23.8% and no vendor patch available.

Zyxel Authentication Bypass Vmg4325 B10A Firmware Sbg3500 N000 Firmware Vmg1312 B10A Firmware +11
NVD
CVSS 3.1
9.8
EPSS
23.8%
CVE-2024-40891 HIGH KEV THREAT Act Now

Zyxel VMG4325-B10A legacy DSL CPE contains post-authentication command injection via Telnet management commands, companion vulnerability to CVE-2024-40890 affecting the same unsupported device.

Command Injection Zyxel Vmg1312 B10A Firmware Vmg1312 B10B Firmware Vmg1312 B10E Firmware +11
NVD
CVSS 3.1
8.8
EPSS
55.4%
CVE-2024-40890 HIGH KEV THREAT Act Now

Zyxel VMG4325-B10A legacy DSL CPE contains post-authentication OS command injection in the CGI program, allowing authenticated attackers to execute OS commands via crafted HTTP POST requests. No patch available (EOL device).

Command Injection Zyxel Vmg1312 B10A Firmware Vmg1312 B10B Firmware Vmg1312 B10E Firmware +11
NVD
CVSS 3.1
8.8
EPSS
45.9%
CVE-2015-7256 MEDIUM This Month

ZyXEL NWA1100-N, NWA1100-NH, NWA1121-NI, NWA1123-AC, and NWA1123-NI access points; P-660HN-51, P-663HN-51, VMG1312-B10A, VMG1312-B30A, VMG1312-B30B, VMG4380-B10A, VMG8324-B10A, VMG8924-B10A,. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Zyxel Information Disclosure Nwa1100 N Firmware Nwa1100 Nh Firmware Nwa1121 Ni Firmware +22
NVD
CVSS 3.0
5.9
EPSS
0.1%
EPSS 24% CVSS 9.8
CRITICAL Act Now

**UNSUPPORTED WHEN ASSIGNED** Insecure default credentials for the Telnet function in the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an attacker to log in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 23.8% and no vendor patch available.

Zyxel Authentication Bypass Vmg4325 B10A Firmware +13
NVD
EPSS 55% CVSS 8.8
HIGH KEV THREAT Act Now

Zyxel VMG4325-B10A legacy DSL CPE contains post-authentication command injection via Telnet management commands, companion vulnerability to CVE-2024-40890 affecting the same unsupported device.

Command Injection Zyxel Vmg1312 B10A Firmware +13
NVD
EPSS 46% CVSS 8.8
HIGH KEV THREAT Act Now

Zyxel VMG4325-B10A legacy DSL CPE contains post-authentication OS command injection in the CGI program, allowing authenticated attackers to execute OS commands via crafted HTTP POST requests. No patch available (EOL device).

Command Injection Zyxel Vmg1312 B10A Firmware +13
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

ZyXEL NWA1100-N, NWA1100-NH, NWA1121-NI, NWA1123-AC, and NWA1123-NI access points; P-660HN-51, P-663HN-51, VMG1312-B10A, VMG1312-B30A, VMG1312-B30B, VMG4380-B10A, VMG8324-B10A, VMG8924-B10A,. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Zyxel Information Disclosure Nwa1100 N Firmware +24
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy