CVE-2020-15330
Description
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded APP_KEY in /opt/axess/etc/default/axess.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 contains a hardcoded application key (APP_KEY) in a configuration file, allowing attackers to compromise API authentication.
Vulnerability
Zyxel CloudCNM SecuManager versions 3.1.0 and 3.1.1 contain a hardcoded APP_KEY in the file /opt/axess/etc/default/axess [1]. This key is used for authentication with cloud services or internal APIs.
Exploitation
An attacker who gains access to the file system (e.g., through another vulnerability or local access) can read the hardcoded APP_KEY from the configuration file. The key is static and does not change between installations, making it a shared secret.
Impact
With the APP_KEY, an attacker can authenticate to the cloud management interface or internal APIs, potentially gaining unauthorized access to sensitive data or performing actions on behalf of the SecuManager appliance. This could lead to information disclosure or further compromise of managed devices.
Mitigation
The available references do not specify a fixed version or workaround. Users should contact Zyxel for updated software that removes the hardcoded key. As of the publication date (2020-06-26), no patch is mentioned.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Zyxel/CloudCNM SecuManagerdescription
- Range: 3.1.0, 3.1.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.htmlmitrex_refsource_MISC
- www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtmlmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.