CVE-2020-15321

Vulnerability

Zyxel CloudCNM SecuManager versions 3.1.0 and 3.1.1 include a hardcoded password axzyxel for the livedbuser MySQL database account. This backdoor account is present in the MySQL configuration and allows unauthenticated access to the database without any special conditions or configuration changes [1].

Exploitation

An attacker with network access to the MySQL service (typically exposed on the management interface) can connect to the database using the known credentials: username livedbuser and password axzyxel. No prior authentication or user interaction is required. The attacker simply uses a MySQL client to log in [1].

Impact

Successful exploitation grants the attacker full read and write access to the MySQL database, which likely stores sensitive device configurations, credentials, and management data. This can lead to further compromise of the SecuManager appliance and managed devices [1].

Mitigation

No official fix has been released as of the publication date. The affected versions (3.1.0 and 3.1.1) remain vulnerable. Users should restrict network access to the MySQL service and monitor for unauthorized connections. If possible, upgrade to a patched version if one becomes available [1].