CVE-2020-15325
Description
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded Erlang cookie for ejabberd replication.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 contain a hardcoded Erlang cookie for ejabberd replication, allowing remote attackers to connect to the ejabberd service without authentication.
Vulnerability
Zyxel CloudCNM SecuManager versions 3.1.0 and 3.1.1 include a hardcoded Erlang cookie used for ejabberd replication [1]. This cookie is intended to authenticate communication between Erlang nodes, but because it is static and publicly known, any remote attacker can use it to authenticate to the ejabberd service.
Exploitation
An attacker with network access to the ejabberd service can use the hardcoded Erlang cookie to establish an authenticated Erlang connection to the target node [1]. No prior authentication or user interaction is required; the attacker only needs to know the cookie value, which is embedded in the software.
Impact
Successful exploitation allows the attacker to connect to the ejabberd service as an authenticated node. This can lead to unauthorized access to the management system, potentially enabling further compromise of the CloudCNM SecuManager appliance [1].
Mitigation
The available reference does not specify a fixed version or workaround [1]. Users should monitor Zyxel's security advisories for an update that addresses this issue. If no patch is available, consider restricting network access to the ejabberd service.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Zyxel/CloudCNM SecuManager
- Range: = 3.1.0, = 3.1.1
Patches
No patches discovered yet.
References
- pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html (mitre, x_refsource_MISC)
- www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml (mitre, x_refsource_MISC)