CloudCNM SecuManager
by Zyxel
CVEs (37)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-15347 | Cri | 0.64 | 9.8 | 0.01 | Sep 29, 2022 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the q6xV4aW8bQ4cfD-b password for the axiros account. | ||
| CVE-2020-15332 | Cri | 0.64 | 9.8 | 0.01 | Sep 29, 2022 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/etc/default/axess permissions. | ||
| CVE-2020-15331 | Cri | 0.64 | 9.8 | 0.01 | Sep 29, 2022 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded OAUTH_SECRET_KEY in /opt/axess/etc/default/axess. | ||
| CVE-2020-15324 | Cri | 0.64 | 9.8 | 0.01 | Jun 29, 2020 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a world-readable axess/opt/axXMPPHandler/config/xmpp_config.py file that stores hardcoded credentials. | ||
| CVE-2020-15323 | Cri | 0.64 | 9.8 | 0.01 | Jun 29, 2020 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the cloud1234 password for the a1@chopin account default credentials. | ||
| CVE-2020-15322 | Cri | 0.64 | 9.8 | 0.01 | Jun 29, 2020 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the wbboEZ4BN3ssxAfM hardcoded password for the debian-sys-maint account. | ||
| CVE-2020-15321 | Cri | 0.64 | 9.8 | 0.01 | Jun 29, 2020 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axzyxel password for the livedbuser account. | ||
| CVE-2020-15320 | Cri | 0.64 | 9.8 | 0.01 | Jun 29, 2020 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axiros password for the root account. | ||
| CVE-2020-15348 | Cri | 0.64 | 9.8 | 0.02 | Jun 26, 2020 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows use of live/CPEManager/AXCampaignManager/delete_cpes_by_ids?cpe_ids= for eval injection of Python code. | ||
| CVE-2020-15341 | Hig | 0.49 | 7.5 | 0.01 | Sep 29, 2022 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated update_all_realm_license API. | ||
| CVE-2020-15340 | Hig | 0.49 | 7.5 | 0.01 | Sep 29, 2022 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded opt/axess/AXAssets/default_axess/axess/TR69/Handlers/turbolink/sshkeys/id_rsa SSH key. | ||
| CVE-2020-15327 | Hig | 0.49 | 7.5 | 0.01 | Sep 29, 2022 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 uses ZODB storage without authentication. | ||
| CVE-2020-15336 | Hig | 0.49 | 7.5 | 0.01 | Jun 26, 2020 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for /cnr requests. | ||
| CVE-2020-15335 | Hig | 0.49 | 7.5 | 0.01 | Jun 26, 2020 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for /registerCpe requests. | ||
| CVE-2020-15339 | Med | 0.40 | 6.1 | 0.01 | Sep 29, 2022 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows live/CPEManager/AXCampaignManager/handle_campaign_script_link?script_name= XSS. | ||
| CVE-2020-15319 | Med | 0.38 | 5.9 | 0.01 | Jun 29, 2020 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account within the /opt/mysql chroot directory tree. | ||
| CVE-2020-15318 | Med | 0.38 | 5.9 | 0.01 | Jun 29, 2020 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key for the root account within the /opt/mysql chroot directory tree. | ||
| CVE-2020-15317 | Med | 0.38 | 5.9 | 0.01 | Jun 29, 2020 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account within the /opt/axess chroot directory tree. | ||
| CVE-2020-15316 | Med | 0.38 | 5.9 | 0.01 | Jun 29, 2020 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded ECDSA SSH key for the root account within the /opt/axess chroot directory tree. | ||
| CVE-2020-15315 | Med | 0.38 | 5.9 | 0.01 | Jun 29, 2020 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key for the root account within the /opt/axess chroot directory tree. |
- risk 0.64cvss 9.8epss 0.01
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the q6xV4aW8bQ4cfD-b password for the axiros account.
- risk 0.64cvss 9.8epss 0.01
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/etc/default/axess permissions.
- risk 0.64cvss 9.8epss 0.01
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded OAUTH_SECRET_KEY in /opt/axess/etc/default/axess.
- risk 0.64cvss 9.8epss 0.01
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a world-readable axess/opt/axXMPPHandler/config/xmpp_config.py file that stores hardcoded credentials.
- risk 0.64cvss 9.8epss 0.01
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the cloud1234 password for the a1@chopin account default credentials.
- risk 0.64cvss 9.8epss 0.01
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the wbboEZ4BN3ssxAfM hardcoded password for the debian-sys-maint account.
- risk 0.64cvss 9.8epss 0.01
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axzyxel password for the livedbuser account.
- risk 0.64cvss 9.8epss 0.01
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axiros password for the root account.
- risk 0.64cvss 9.8epss 0.02
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows use of live/CPEManager/AXCampaignManager/delete_cpes_by_ids?cpe_ids= for eval injection of Python code.
- risk 0.49cvss 7.5epss 0.01
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated update_all_realm_license API.
- risk 0.49cvss 7.5epss 0.01
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded opt/axess/AXAssets/default_axess/axess/TR69/Handlers/turbolink/sshkeys/id_rsa SSH key.
- risk 0.49cvss 7.5epss 0.01
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 uses ZODB storage without authentication.
- risk 0.49cvss 7.5epss 0.01
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for /cnr requests.
- risk 0.49cvss 7.5epss 0.01
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for /registerCpe requests.
- risk 0.40cvss 6.1epss 0.01
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows live/CPEManager/AXCampaignManager/handle_campaign_script_link?script_name= XSS.
- risk 0.38cvss 5.9epss 0.01
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account within the /opt/mysql chroot directory tree.
- risk 0.38cvss 5.9epss 0.01
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key for the root account within the /opt/mysql chroot directory tree.
- risk 0.38cvss 5.9epss 0.01
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account within the /opt/axess chroot directory tree.
- risk 0.38cvss 5.9epss 0.01
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded ECDSA SSH key for the root account within the /opt/axess chroot directory tree.
- risk 0.38cvss 5.9epss 0.01
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key for the root account within the /opt/axess chroot directory tree.
Page 1 of 2