Risk | High |
Patch available | NO |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2025-0890 |
CWE-ID | CWE-276 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software | VMG1312-B10A, VMG1312-B10B, VMG1312-B10E, VMG3312-B10A, VMG3313-B10A, VMG3926-B10B, VMG4325-B10A, VMG4380-B10A, VMG8324-B10A, VMG8924-B10A, SBG3300, SBG3500 (all: Hardware solutions / Routers & switches, VoIP, GSM, etc) |
Vendor | ZyXEL Communications Corp. |
Security Bulletin
This security bulletin contains one high-risk vulnerability.
EUVDB-ID: #VU103597
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2025-0890
CWE-ID: CWE-276 - Incorrect Default Permissions
Exploit availability: No
Description
The vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists due to insecure default credentials for the Telnet function. A remote attacker can log in to the management interface on the target device.
Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versions
VMG1312-B10A: All versions
VMG1312-B10B: All versions
VMG1312-B10E: All versions
VMG3312-B10A: All versions
VMG3313-B10A: All versions
VMG3926-B10B: All versions
VMG4325-B10A: All versions
VMG4380-B10A: All versions
VMG8324-B10A: All versions
VMG8924-B10A: All versions
SBG3300: All versions
SBG3500: All versions
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.