CVE-2025-0890
04.02.2025, 11:15
**UNSUPPORTED WHEN ASSIGNED** Insecure default credentials for the Telnet function in the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an attacker to log in to the management interface if the administrators have the option to change the default credentials but fail to do so.Enginsight
| Vendor | Product | Version |
|---|---|---|
| zyxel | vmg4325-b10a_firmware | - |
| zyxel | sbg3500-n000_firmware | - |
| zyxel | vmg1312-b10a_firmware | - |
| zyxel | vmg1312-b10b_firmware | - |
| zyxel | vmg1312-b10e_firmware | - |
| zyxel | vmg3312-b10a_firmware | - |
| zyxel | vmg3313-b10a_firmware | - |
| zyxel | vmg3926-b10b_firmware | - |
| zyxel | vmg4325-b10a_firmware | - |
| zyxel | vmg4380-b10a_firmware | - |
| zyxel | vmg8324-b10a_firmware | - |
| zyxel | vmg8924-b10a_firmware | - |
| zyxel | sbg3300-n000_firmware | - |
| zyxel | sbg3300-nb00_firmware | - |
| zyxel | sbg3500-nb00_firmware | - |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-287 - Improper AuthenticationWhen an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.
- CWE-522 - Insufficiently Protected CredentialsThe product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.