CVE-2020-15338
Description
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request Method With Sensitive Query Strings" issue for /cnr requests.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Zyxel CloudCNM SecuManager 3.1.0/3.1.1 transmits sensitive data in GET query strings for /cnr requests, exposing credentials or tokens in logs and network traffic.
Vulnerability
Zyxel CloudCNM SecuManager versions 3.1.0 and 3.1.1 use the GET HTTP method for /cnr requests, passing sensitive data (e.g., authentication tokens or credentials) as query string parameters. This violates best practices as query strings are logged by servers and proxies, and may be visible in browser history or network captures [1].
Exploitation
An attacker with network access to observe HTTP traffic (e.g., via packet capture or access to server logs) can extract the sensitive query string values. No authentication is needed to read the traffic, but the attacker must be in a position to intercept or view the request.
Impact
Successful exploitation allows an attacker to obtain sensitive information such as authentication tokens or credentials, potentially leading to unauthorized access to the CNM SecuManager or associated network devices.
Mitigation
As of the publication date (2020-06-26), no official patch has been announced by Zyxel. Users should consider network-level protection such as using HTTPS with a proper certificate to encrypt traffic, and avoid exposing the management interface to untrusted networks. The exact fix version is not disclosed in the available references [1].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Zyxel/CloudCNM SecuManagerdescription
- Range: 3.1.0, 3.1.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.htmlmitrex_refsource_MISC
- www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtmlmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.