ГлавнаяУязвимости → CVE-2025-0890
9.8критическая

CVE-2025-0890

Описание

**UNSUPPORTED WHEN ASSIGNED** Insecure default credentials for the Telnet function in the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an attacker to log in to the management interface if the administrators have the option to change the default credentials but fail to do so.

Затрагиваемое ПО
Zyxel Vmg4325-b10a firmwareZyxel Vmg4325-b10aZyxel Sbg3500-n000 firmwareZyxel Sbg3500-n000Zyxel Vmg1312-b10a firmwareZyxel Vmg1312-b10aZyxel Vmg1312-b10b firmwareZyxel Vmg1312-b10bZyxel Vmg1312-b10e firmwareZyxel Vmg1312-b10eZyxel Vmg3312-b10a firmwareZyxel Vmg3312-b10aZyxel Vmg3313-b10a firmwareZyxel Vmg3313-b10aZyxel Vmg3926-b10b firmwareZyxel Vmg3926-b10bZyxel Vmg4380-b10a firmwareZyxel Vmg4380-b10aZyxel Vmg8324-b10a firmwareZyxel Vmg8324-b10aZyxel Vmg8924-b10a firmwareZyxel Vmg8924-b10aZyxel Sbg3300-n000 firmwareZyxel Sbg3300-n000Zyxel Sbg3300-nb00 firmware
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-insecure-default-credentials-vulnerabilities-in-certain-legacy-dsl-cpe-02-04-2025