CVE-2020-15346
Description
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a /live/GLOBALS API with the CLOUDCNM key.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 contain a backdoor API endpoint /live/GLOBALS accessible with a hardcoded key, leading to unauthorized access.
Vulnerability
The /live/GLOBALS API endpoint in Zyxel CloudCNM SecuManager versions 3.1.0 and 3.1.1 accepts a CLOUDCNM hardcoded key, allowing unauthorized access. [1]
Exploitation
An attacker can craft a request to the /live/GLOBALS API using the hardcoded CLOUDCNM key, no authentication required. The API is likely accessible over the network. [1]
Impact
Successful exploitation may allow an attacker to retrieve sensitive configuration data or perform administrative actions, leading to full compromise of the appliance. [1]
Mitigation
Zyxel has not released a fix for this specific vulnerability as of the publication date. Users should limit network access to the management interface and monitor for unauthorized access. [1]
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Zyxel/CloudCNM SecuManagerdescription
- Range: >=3.1.0, <=3.1.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.htmlmitrex_refsource_MISC
- www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtmlmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.