← Back

CVE-2025-0890

nvd nist
Published: Feb 4, 2025Modified: Dec 15, 2025

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: security@zyxel.com.tw (Secondary)

Description

**UNSUPPORTED WHEN ASSIGNED** Insecure default credentials for the Telnet function in the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an attacker to log in to the management interface if the administrators have the option to change the default credentials but fail to do so.

Affected (14)

Zyxel
14 products
Sbg3500 N000 Firmware
Vmg1312 B10a Firmware
Vmg1312 B10b Firmware
Vmg1312 B10e Firmware
Vmg3312 B10a Firmware
Vmg3313 B10a Firmware
Vmg3926 B10b Firmware
Vmg4325 B10a Firmware
Vmg4380 B10a Firmware
Vmg8324 B10a Firmware
Vmg8924 B10a Firmware
Sbg3300 N000 Firmware
Sbg3300 Nb00 Firmware
Sbg3500 Nb00 Firmware
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sbg3500 N000 Firmware
All versions
Running on/withPlatform Versions
Zyxel
Sbg3500 N000
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vmg1312 B10a Firmware
All versions
Running on/withPlatform Versions
Zyxel
Vmg1312 B10a
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vmg1312 B10b Firmware
All versions
Running on/withPlatform Versions
Zyxel
Vmg1312 B10b
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vmg1312 B10e Firmware
All versions
Running on/withPlatform Versions
Zyxel
Vmg1312 B10e
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vmg3312 B10a Firmware
All versions
Running on/withPlatform Versions
Zyxel
Vmg3312 B10a
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vmg3313 B10a Firmware
All versions
Running on/withPlatform Versions
Zyxel
Vmg3313 B10a
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vmg3926 B10b Firmware
All versions
Running on/withPlatform Versions
Zyxel
Vmg3926 B10b
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vmg4325 B10a Firmware
All versions
Running on/withPlatform Versions
Zyxel
Vmg4325 B10a
All versions
Configuration J
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vmg4380 B10a Firmware
All versions
Running on/withPlatform Versions
Zyxel
Vmg4380 B10a
All versions
Configuration K
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vmg8324 B10a Firmware
All versions
Running on/withPlatform Versions
Zyxel
Vmg8324 B10a
All versions
Configuration L
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vmg8924 B10a Firmware
All versions
Running on/withPlatform Versions
Zyxel
Vmg8924 B10a
All versions
Configuration M
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sbg3300 N000 Firmware
All versions
Running on/withPlatform Versions
Zyxel
Sbg3300 N000
All versions
Configuration N
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sbg3300 Nb00 Firmware
All versions
Running on/withPlatform Versions
Zyxel
Sbg3300 Nb00
All versions
Configuration O
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sbg3500 Nb00 Firmware
All versions
Running on/withPlatform Versions
Zyxel
Sbg3500 Nb00
All versions

Related CWEs

CWE-287
Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
CWE-522
Insufficiently Protected Credentials
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References (1)

Source: security@zyxel.com.tw
Vendor Advisory

Timeline

No history available yet.