CVE-2020-15347

Vulnerability

CVE-2020-15347 describes a backdoor account in Zyxel CloudCNM SecuManager versions 3.1.0 and 3.1.1. The axiros user is configured with the hardcoded password q6xV4aW8bQ4cfD-b, as disclosed in the official CVE description and security research [1].

Exploitation

An attacker with network access to the SecuManager can authenticate as the axiros user using the known password. No prior authentication or user interaction is required. Once authenticated, the attacker may leverage this access to further compromise the system, as the axiros account is intended for management purposes and may have elevated privileges or shell access [1].

Impact

Successful exploitation grants the attacker administrative-level access to the CloudCNM SecuManager, potentially leading to full control over the management platform. This could result in disclosure of sensitive configuration data, manipulation of managed security gateways, or remote code execution depending on associated services [1].

Mitigation

As of the publication date, no official patch or update from Zyxel has been released for this vulnerability. The affected versions (3.1.0 and 3.1.1) remain the latest. Administrators should restrict network access to the SecuManager, implement strict firewall rules, and consider disabling the axiros account if feasible, pending an official fix [1].