CVE-2025-0890 | THREATINT

Description

**UNSUPPORTED WHEN ASSIGNED** Insecure default credentials for the Telnet function in the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an attacker to log in to the management interface if the administrators have the option to change the default credentials but fail to do so.

PUBLISHED Reserved 2025-01-30 | Published 2025-02-04 | Updated 2025-02-12 | Assigner Zyxel

CRITICAL: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-287 Improper Authentication

Product status

Default status

unaffected

<= 1.00(AAFR.4)C0_20170615

affected

References

www.zyxel.com/...lities-in-certain-legacy-dsl-cpe-02-04-2025 vendor-advisory

cve.org (CVE-2025-0890)

nvd.nist.gov (CVE-2025-0890)

Download JSON