CVE-2020-15328
Description
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/var/blobstorage/ permissions.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Zyxel CloudCNM SecuManager 3.1.0/3.1.1 sets weak permissions on /opt/axess/var/blobstorage/, allowing local attackers to read or manipulate ZODB database files.
Vulnerability
Zyxel CloudCNM SecuManager versions 3.1.0 and 3.1.1 [1] configure excessively permissive filesystem permissions on the directory /opt/axess/var/blobstorage/. This directory stores ZODB (Zope Object Database) blob files, which are used by the application to persist object data. The weak permissions allow any local user on the appliance to read and, depending on the exact permissions, potentially overwrite these blob files [1]. No special configuration or user interaction beyond local access is required.
Exploitation
An attacker must first obtain local shell access to the SecuManager appliance. This could be achieved through another vulnerability (e.g., the pre-auth RCE described in the same advisory [1]) or via valid credentials. Once a local shell is obtained, the attacker can list the contents of /opt/axess/var/blobstorage/ and read any blob file. If write permissions are also granted (the advisory notes weak permissions, implying both read and write are possible [1]), the attacker can also modify or delete blob files [1].
Impact
By reading ZODB blob files, the attacker can extract sensitive data that the SecuManager stores, such as device configurations, credentials, or network topology information [1]. If write access is achieved, the attacker can corrupt or manipulate the database, potentially leading to denial of service, privilege escalation, or further compromise of managed devices. The impact is significant because the SecuManager is a central management console, and compromising it can cascade to all managed security gateways [1]. The attacker gains the ability to tamper with critical management data.
Mitigation
Zyxel has not released a patch for CVE-2020-15328 as of the advisory publication date [1]. The recommended mitigation is to restrict local access to the SecuManager appliance to trusted administrators only, and to monitor for signs of local compromise. No workaround that corrects the file permissions is provided, but administrators can manually tighten permissions on /opt/axess/var/blobstorage/ to prevent unauthorized local access. Systems running version 3.1.0 or 3.1.1 are affected.
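One way to carry out the manual tightening mentioned above, as an added example that is not taken from the advisory or from Zyxel: the script below audits /opt/axess/var/blobstorage/ for entries that users outside the owner and group can read, write or traverse, then optionally clears those bits. The function names `audit_tree` and `tighten` are hypothetical, and it assumes the application's own service account owns the blob files, so removing the "other" bits does not break the application.

```python
import os
import stat

# Directory named in the CVE description; pass another root to audit a test tree.
BLOB_ROOT = "/opt/axess/var/blobstorage"

def audit_tree(root=BLOB_ROOT):
    """Return (path, mode, problems) for every entry that 'other' users can reach."""
    findings = []

    def check(path):
        st = os.lstat(path)  # lstat: inspect the entry itself, never a symlink target
        if stat.S_ISLNK(st.st_mode):
            return
        problems = []
        if st.st_mode & stat.S_IROTH:
            problems.append("world-readable")
        if st.st_mode & stat.S_IWOTH:
            problems.append("world-writable")
        if stat.S_ISDIR(st.st_mode) and st.st_mode & stat.S_IXOTH:
            problems.append("world-traversable")
        if problems:
            findings.append((path, stat.S_IMODE(st.st_mode), problems))

    check(root)
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            check(os.path.join(dirpath, name))
    return findings

def tighten(root=BLOB_ROOT, dry_run=True):
    """Plan (and, if dry_run is False, apply) removal of all 'other' bits."""
    changes = []
    for path, mode, _ in audit_tree(root):
        new_mode = mode & ~stat.S_IRWXO  # assumption: owner/group access is enough
        changes.append((path, mode, new_mode))
        if not dry_run:
            os.chmod(path, new_mode)
    return changes

if __name__ == "__main__":
    if not os.path.isdir(BLOB_ROOT):
        raise SystemExit(f"{BLOB_ROOT} not found on this host")
    for path, mode, problems in audit_tree():
        print(f"{mode:04o}  {', '.join(problems):<45} {path}")
```

Review the `tighten(dry_run=True)` plan before applying it, and re-run the audit after any upgrade or restore, since either may reset the modes.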
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Zyxel/CloudCNM SecuManager (description)
- Range: >=3.1.0 <=3.1.1
Patches
No patches discovered yet.
References
- pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html (mitre, x_refsource_MISC)
- www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml (mitre, x_refsource_MISC)