Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Zyxel DSL CPE Command Injection Vulnerability in VMG4325-B10A

Vulnerability

A post-authentication command injection vulnerability has been identified in the management commands of the Zyxel VMG4325-B10A DSL CPE, firmware version 1.00(AAFR.4)C0_20170615. It allows an authenticated attacker to execute operating system commands on the affected device via Telnet. WAN access and the Telnet function are disabled by default on these devices, and exploitation requires knowledge of the user-configured passwords. If those passwords are compromised, the result could be unauthorized command execution on the device.

Impact

Exploitation of this vulnerability could result in unauthorized execution of operating system commands on the affected device via Telnet.

Remediation

Zyxel advises users to replace legacy products like the VMG4325-B10A with newer-generation equipment for optimal protection. For those who obtained their Zyxel product through an internet service provider, it is recommended to contact the ISP for support. Additionally, disabling remote access and periodically changing passwords can help prevent potential attacks.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 4.5
impact: 7.5
exploitability: 6.6
remediation: 0.0
relevance: 0.0
threat: 9.1
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.