VYPR
← All advisories
Unrated severityNVD Advisory· Published Jun 29, 2020· Updated Aug 4, 2024

CVE-2020-15320

CVE-2020-15320

Description

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axiros password for the root account.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 contain a hardcoded root password 'axiros' for MySQL, allowing remote attackers to gain unauthorized database access.

Vulnerability

CVE-2020-15320 describes a hardcoded password in Zyxel CloudCNM SecuManager versions 3.1.0 and 3.1.1. The MySQL database contains a backdoor root account with the password "axiros" [1]. This issue affects the MySQL service and is part of a larger set of vulnerabilities in these versions.

Exploitation

An attacker with network access to the MySQL service (default port 3306) can log in using the root username and the known password "axiros" [1]. No authentication or additional privileges are required, as the credentials are static and publicly disclosed.

Impact

Successful exploitation grants full administrative access to the MySQL database, allowing an attacker to read, modify, or delete sensitive data such as device configurations, credentials, and logs [1]. This could lead to further compromise of the network management system.

Mitigation

As of the publication date, no patched version has been released by Zyxel. Users should restrict network access to the MySQL service, monitor for unauthorized access, and apply any future updates from the vendor [1].

References
  1. Multiple vulnerabilities found in Zyxel CNM SecuManager

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

2

News mentions

0

No linked articles in our index yet.