I needed a vdsl router for a home connection and had a Zyxel VMG1312-B10A in my spares box and remembered that these were/are popular devices due to having the Broadcom BCM63168 chipset and also allow for custom firmware to be uploaded.

The device has a hidden supervisor (super admin) account available on it that will give you access to extra features not normally available via the normal “admin” login.

This was carried out on a vanilla device i.e not supplied by an isp with their specific firmware loaded so YMMV.

Obtaining the supervisor password
Firstly not all firmware versions allow the extraction of the password but after some searching I managed to obtain one. V1.00(AAJZ.11)C0

This tutorial assumes you are proficient with flashing the device via the gui and understand telnet/ssh etc.

Download firmware V1.00(AAJZ.11)C0.zip and extract files to a folder
Open gui to http://192.168.1.1
Log in using admin/1234 (or whatever password you have previously set)
Click Maintenance > Firmware Upgrade
Click Choose File and select the bin file from the zip you previously downloaded
Click Upload
Wait 5 minutes
Reconnect to GUI
From the Connection Status page click the right arrow labelled “Status” on the far right of the screen.
On the page that open under the device information pane the firmware version should show V1.00(AAJZ.11)C0 this verifies you have flashed the firmware successfully.
Using PUTTY or similar open a telnet session to 192.168.1.1 Login: admin Password: 1234
In putty set lines of scrollback to 9999
In the command prompt type
save_default clean
Then type
dumpmdm
This will result in many many lines of configuration text being outputted to your terminal window.
Copy and paste all of the text into a notepad document

Search the notepad document for
AdminUserName

The first line will be

<*AdminUserName>supervisor<*AdminUserName>

which is the username you will use

The line directly after it will be similar to
<*AdminPassword>z84fd3b9<*AdminPassword>

This is your Supervisor account password so copy it and keep somewhere safe.

Exit/close your terminal window.
Open a browser page to http://192.168.1.1
Login using the supervisor username and password.
Congratulations you now have access to extra features etc.
You can also login as a supervisor via telnet and will give you access to a real shell by using the sh command as opposed to the simple/strangled command one when logging in as admin.

There are a couple of custom firmware’s available for this device which open up new features and access to more advanced statistics. The best one i’ve found for my usage case was created by johnson on the Kitz forum https://forum.kitz.co.uk/index.php?action=profile;u=10025 and are available from his repo here https://github.com/johnson442/custom-zyxel-firmware/releases personally I use the https://github.com/johnson442/custom-zyxel-firmware/releases/download/v1.1/1312-B10A-17-jumbo-tel-x6-stats1.1-cmd.bin image which supports baby jumbo frames and has an extremely useful stats webserver available at http://192.168.1.1:8000
I have also made a backup of the same firmware which is available here 1312-B10A-17-jumbo-tel-x6-stats1.1-cmd.bin
You can flash this either via the main gui or the emergency one available via