Zyxel VMG4325-B10A firmware vulnerabilities

3 known vulnerabilities affecting zyxel/vmg4325-b10a_firmware.

Total CVEs: 3
CISA KEV: 2 (actively exploited)
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 2

Vulnerabilities

CVE-2025-0890 | CRITICAL | CVSS 9.8 | ≤ 1.00(AAFR.4)C0_20170615 | 2025-02-04
CWE-287: **UNSUPPORTED WHEN ASSIGNED** Insecure default credentials for the Telnet function in the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an attacker to log in to the management interface if the administrators have the option to change the default credentials but fail to do so.
cvelistv5, nvd

CVE-2024-40890 | HIGH | CVSS 8.8 | KEV | ≤ 1.00(AAFR.4)C0_20170615 | 2025-02-04
CWE-78: **UNSUPPORTED WHEN ASSIGNED** A post-authentication command injection vulnerability in the CGI program of the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an authenticated attacker to execute operating system (OS) commands on an affected device by sending a crafted HTTP POST request.
cvelistv5, nvd

CVE-2024-40891 | HIGH | CVSS 8.8 | KEV | ≤ 1.00(AAFR.4)C0_20170615 | 2025-02-04
CWE-78: **UNSUPPORTED WHEN ASSIGNED** A post-authentication command injection vulnerability in the management commands of the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an authenticated attacker to execute operating system (OS) commands on an affected device via Telnet.
cvelistv5, nvd