Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Zyxel VMG4325-B10A Command Injection Vulnerability in Legacy DSL CPE

Vulnerability

A post-authentication command injection vulnerability has been identified in the CGI program of the Zyxel VMG4325-B10A DSL CPE, running firmware version 1.00(AAFR.4)C0_20170615. This vulnerability allows authenticated attackers to execute operating system commands on the affected device by sending a crafted HTTP POST request. WAN access is disabled by default on the device, so the attack can succeed only if user-configured passwords have been compromised.

Impact

Exploitation of this vulnerability could lead to unauthorized execution of operating system commands on the affected device.

Remediation

Zyxel advises users to replace legacy products like the VMG4325-B10A with newer-generation equipment. For those who obtained their Zyxel device through an internet service provider, please contact the ISP for support.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 4.5
impact: 7.5
exploitability: 6.6
remediation: 0.0
relevance: 0.0
threat: 8.9
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.