PT-2025-4087 · Zyxel · Zyxel Vmg4325-B10A
Published: 2025-02-04 · Updated: 2025-12-15 · CVE-2025-0890
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0 20170615
Description
The issue concerns insecure default credentials for the Telnet function in the legacy DSL CPE Zyxel VMG4325-B10A, which could allow an attacker to log in to the management interface if administrators fail to change the default credentials. This includes improper authentication via Telnet and OS command injection.
Recommendations
For Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0 20170615, consider changing the default Telnet credentials to prevent unauthorized access. As a temporary workaround, restrict access to the Telnet function until the issue is resolved.
Fix
Using Hardcoded Credentials
Insufficiently Protected Credentials
Improper Authentication
Related Identifiers
Affected Products
Zyxel Vmg4325-B10A