CVE-2025-0890
EUVD-2025-191304.02.2025, 11:15
**UNSUPPORTED WHEN ASSIGNED** Insecure default credentials for the Telnet function in the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an attacker to log in to the management interface if the administrators have the option to change the default credentials but fail to do so.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| zyxel | vmg4325-b10a_firmware | - |
| zyxel | sbg3500-n000_firmware | - |
| zyxel | vmg1312-b10a_firmware | - |
| zyxel | vmg1312-b10b_firmware | - |
| zyxel | vmg1312-b10e_firmware | - |
| zyxel | vmg3312-b10a_firmware | - |
| zyxel | vmg3313-b10a_firmware | - |
| zyxel | vmg3926-b10b_firmware | - |
| zyxel | vmg4325-b10a_firmware | - |
| zyxel | vmg4380-b10a_firmware | - |
| zyxel | vmg8324-b10a_firmware | - |
| zyxel | vmg8924-b10a_firmware | - |
| zyxel | sbg3300-n000_firmware | - |
| zyxel | sbg3300-nb00_firmware | - |
| zyxel | sbg3500-nb00_firmware | - |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-287 - Improper AuthenticationWhen an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.
- CWE-522 - Insufficiently Protected CredentialsThe product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.