CVE-2020-15332
Description
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/etc/default/axess permissions.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 contain a file with weak permissions, allowing local attackers to read or modify sensitive configuration.
Vulnerability
Zyxel CloudCNM SecuManager versions 3.1.0 and 3.1.1 have weak permissions on the file /opt/axess/etc/default/axess [1]. This file likely contains configuration data or secrets used by the management software.
Exploitation
An attacker with local access to the system can read or write to the file due to its weak permissions. No additional authentication is required beyond local shell access.
Impact
Successful exploitation allows an attacker to read sensitive information (e.g., credentials, API keys) from the file, or modify it to alter the behavior of the SecuManager, potentially leading to privilege escalation or further compromise of the network management platform.
Mitigation
As of the publication date (June 2020), no official patch has been released by Zyxel. Users should restrict local access to trusted administrators and monitor file permissions. The vendor may provide an update in a later version; consult Zyxel support for the latest information [1].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Zyxel/CloudCNM SecuManagerdescription
- Range: = 3.1.0, = 3.1.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.htmlmitrex_refsource_MISC
- www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtmlmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.