CVE-2020-15327
Description
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 uses ZODB storage without authentication.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 uses ZODB storage without authentication, allowing unauthenticated remote access to the database.
Vulnerability
Zyxel CloudCNM SecuManager versions 3.1.0 and 3.1.1 use ZODB (Zope Object Database) storage that is exposed without any authentication. The database is accessible over the network without requiring credentials [1]. This affects the default configuration, and the software does not enforce authentication on the ZODB interface.
Exploitation
An attacker with network access to the SecuManager's ZODB port can connect to the database directly without any authentication. Since the daemons run as root and there is no default firewall, the database may be reachable from the WAN [1]. No user interaction or special privileges are required.
Impact
Successful exploitation allows an attacker to read and potentially modify the ZODB storage, which contains sensitive configuration data and credentials. This can lead to full compromise of the SecuManager and possibly the managed gateways [1].
Mitigation
Zyxel has not disclosed a specific fix for this vulnerability in the available references. Users should restrict network access to the SecuManager and apply any updates from Zyxel when available. The advisory recommends allowing only trusted hosts to connect to the management interface [1].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Zyxel/CloudCNM SecuManagerdescription
- Range: 3.1.0, 3.1.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.htmlmitrex_refsource_MISC
- www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtmlmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.