CVE-2020-15341
Description
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated update_all_realm_license API.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 expose an unauthenticated update_all_realm_license API, allowing attackers to manipulate licensing and possibly the device configuration.
Vulnerability
The Zyxel CloudCNM SecuManager versions 3.1.0 and 3.1.1 contain an unauthenticated API endpoint update_all_realm_license. No authentication or authorization is required to call this interface, and it is exposed in the default configuration [1].
Exploitation
An attacker with network access to the SecuManager appliance can directly call the update_all_realm_license API without any prior authentication or user interaction. The endpoint is reachable from the network, and by default the appliance lacks a firewall [1].
Impact
Successful exploitation allows an attacker to manipulate licensing data for all realms managed by the device. This could lead to unauthorized software activation, denial of licensing enforcement, or further changes to the device's configuration state. [1] lists this as a backdoor API, meaning it could also be leveraged as part of a broader attack chain.
Mitigation
Zyxel has not released a patch for this vulnerability as of the disclosure date (2020-06-26). Administrators should restrict network access to the SecuManager appliance, enforce firewall rules to block untrusted hosts, and monitor for unauthorized API calls. The product may be end-of-life; contact Zyxel support for guidance [1].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Zyxel/CloudCNM SecuManagerdescription
- Range: >=3.1.0 <=3.1.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.htmlmitrex_refsource_MISC
- www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtmlmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.