CVE-2025-0890

Published Feb 4, 2025

Last updated 2 months ago

Overview

Description
**UNSUPPORTED WHEN ASSIGNED** Insecure default credentials for the Telnet function in the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an attacker to log in to the management interface if the administrators have the option to change the default credentials but fail to do so.
Source: security@zyxel.com.tw
NVD status: Awaiting Analysis
CNA Tags: unsupported-when-assigned

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

security@zyxel.com.tw: CWE-287

Social media

Hype score: Not currently trending
  1. #Vulnerability #CVE202440891 Zyxel Routers Under Attack: Default Credentials (CVE-2025-0890) and Code Injection (CVE-2024-40891), No Patch! https://t.co/21MewHLDs3

    @Komodosec

    8 Mar 2025

    59 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

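  2. Default credentials (CVE-2025-0890) and code injection (CVE-2024-40891) vulnerabilities in Zyxel's router product line. Reported by VulnCheck. Combined, they allow arbitrary code execution via Telnet. According to GreyNoise's report, they are already being exploited. https://t.co/M02d1DG6O8 The vendor has not disclosed a list of affected models… https://t.co/yw3KaCe2El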

    @__kokumoto

    6 Feb 2025

    1040 Impressions

    3 Retweets

    7 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  3. Zyxel won’t patch newly exploited flaws in end-of-life routers: https://t.co/BYdlCSPkGx Zyxel has issued a security advisory regarding two actively exploited vulnerabilities in its end-of-life CPE Series routers, CVE-2024-40891 and CVE-2025-0890, and a third flaw,… https://t.co/

    @securityRSS

    5 Feb 2025

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. CVE-2025-0890, -40890, -40891: Vulnerabilities in Zyxel CPE, 8.8 - 9.8 rating 🔥 The vulnerabilities include two OS Command Injections, and Improper Authentication via Telnet Search at https://t.co/hv7QKSqxTR: 👉 Link: https://t.co/nz4m78PjTD #cybersecurity #vulnerability_map

    @Netlas_io

    5 Feb 2025

    44 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  5. [CVE-2025-0890: CRITICAL] Security risk: Default credentials in outdated Zyxel VMG4325-B10A firmware (1.00(AAFR.4)C0_20170615) leave Telnet open to attacks if not changed by administrators.#cybersecurity,#vulnerability https://t.co/ui8FtfBMI6 https://t.co/BJHU6pI6Mu

    @CveFindCom

    4 Feb 2025

    18 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  6. CVE-2025-0890 **UNSUPPORTED WHEN ASSIGNED** Insecure default credentials for the Telnet function in the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 cou… https://t.co/spYEefwMGw

    @CVEnew

    4 Feb 2025

    45 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes