CVEInsight.

Free vulnerability intelligence for developers, security teams, and researchers. Data sourced from public databases for informational purposes only.

Explore

Legal

CVE data sourced from NVD / NIST & public disclosures.

zyxel

vmg4325-b10a_firmware

3 known vulnerabilities · sorted by CVSS score

CVE-2025-0890

CRITICAL9.8

**UNSUPPORTED WHEN ASSIGNED** Insecure default credentials for the Telnet function in the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an attacker to log in to the management interface if the administrators have the option to change the default credentials but fail to do so.

zyxel / vmg4325-b10a_firmware+14

Network

Published Feb 4, 2025

CVE-2024-40891

HIGH8.8

**UNSUPPORTED WHEN ASSIGNED** A post-authentication command injection vulnerability in the management commands of the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an authenticated attacker to execute operating system (OS) commands on an affected device via Telnet.

zyxel / vmg1312-b10a_firmware+13

Network

Published Feb 4, 2025

CVE-2024-40890

HIGH8.8

**UNSUPPORTED WHEN ASSIGNED** A post-authentication command injection vulnerability in the CGI program of the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an authenticated attacker to execute operating system (OS) commands on an affected device by sending a crafted HTTP POST request.

zyxel / vmg1312-b10a_firmware+13

Network

Published Feb 4, 2025