CVE-2020-15323

Vulnerability

Zyxel CloudCNM SecuManager versions 3.1.0 and 3.1.1 contain a hardcoded credential for the a1@chopin account, with the password cloud1234 [1]. This account is present in the application's default configuration and can be used for initial access without exploitation or additional conditions.

Exploitation

An attacker who can reach the SecuManager management interface over the network can authenticate using the well-known default credentials: username a1@chopin and password cloud1234 [1]. No prior authentication, user interaction, or special privileges are required. The attacker simply submits the credentials to the login endpoint.

Impact

Successful authentication grants the attacker access to the CloudCNM SecuManager web interface as the a1@chopin user [1]. This level of access is sufficient to view network configurations, manage security gateways, and potentially pivot to further exploitation of adjacent vulnerabilities that require an authenticated session.

Mitigation

Zyxel has not released a patch for this issue in the publicly available references [1]. Users should upgrade to a version that removes or changes default credentials if a fixed release becomes available. As a workaround, administrators should change the password for the a1@chopin account immediately and restrict network access to the management interface.