VYPR

CloudCNM SecuManager

by Zyxel

CVEs (37)

  • CVE-2020-15347CriSep 29, 2022
    risk 0.64cvss 9.8epss 0.01

    Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the q6xV4aW8bQ4cfD-b password for the axiros account.

  • CVE-2020-15332CriSep 29, 2022
    risk 0.64cvss 9.8epss 0.01

    Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/etc/default/axess permissions.

  • CVE-2020-15331CriSep 29, 2022
    risk 0.64cvss 9.8epss 0.01

    Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded OAUTH_SECRET_KEY in /opt/axess/etc/default/axess.

  • CVE-2020-15324CriJun 29, 2020
    risk 0.64cvss 9.8epss 0.01

    Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a world-readable axess/opt/axXMPPHandler/config/xmpp_config.py file that stores hardcoded credentials.

  • CVE-2020-15323CriJun 29, 2020
    risk 0.64cvss 9.8epss 0.01

    Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the cloud1234 password for the a1@chopin account default credentials.

  • CVE-2020-15322CriJun 29, 2020
    risk 0.64cvss 9.8epss 0.01

    Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the wbboEZ4BN3ssxAfM hardcoded password for the debian-sys-maint account.

  • CVE-2020-15321CriJun 29, 2020
    risk 0.64cvss 9.8epss 0.01

    Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axzyxel password for the livedbuser account.

  • CVE-2020-15320CriJun 29, 2020
    risk 0.64cvss 9.8epss 0.01

    Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axiros password for the root account.

  • CVE-2020-15348CriJun 26, 2020
    risk 0.64cvss 9.8epss 0.02

    Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows use of live/CPEManager/AXCampaignManager/delete_cpes_by_ids?cpe_ids= for eval injection of Python code.

  • CVE-2020-15341HigSep 29, 2022
    risk 0.49cvss 7.5epss 0.01

    Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated update_all_realm_license API.

  • CVE-2020-15340HigSep 29, 2022
    risk 0.49cvss 7.5epss 0.01

    Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded opt/axess/AXAssets/default_axess/axess/TR69/Handlers/turbolink/sshkeys/id_rsa SSH key.

  • CVE-2020-15327HigSep 29, 2022
    risk 0.49cvss 7.5epss 0.01

    Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 uses ZODB storage without authentication.

  • CVE-2020-15336HigJun 26, 2020
    risk 0.49cvss 7.5epss 0.01

    Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for /cnr requests.

  • CVE-2020-15335HigJun 26, 2020
    risk 0.49cvss 7.5epss 0.01

    Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for /registerCpe requests.

  • CVE-2020-15339MedSep 29, 2022
    risk 0.40cvss 6.1epss 0.01

    Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows live/CPEManager/AXCampaignManager/handle_campaign_script_link?script_name= XSS.

  • CVE-2020-15319MedJun 29, 2020
    risk 0.38cvss 5.9epss 0.01

    Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account within the /opt/mysql chroot directory tree.

  • CVE-2020-15318MedJun 29, 2020
    risk 0.38cvss 5.9epss 0.01

    Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key for the root account within the /opt/mysql chroot directory tree.

  • CVE-2020-15317MedJun 29, 2020
    risk 0.38cvss 5.9epss 0.01

    Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account within the /opt/axess chroot directory tree.

  • CVE-2020-15316MedJun 29, 2020
    risk 0.38cvss 5.9epss 0.01

    Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded ECDSA SSH key for the root account within the /opt/axess chroot directory tree.

  • CVE-2020-15315MedJun 29, 2020
    risk 0.38cvss 5.9epss 0.01

    Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key for the root account within the /opt/axess chroot directory tree.

Page 1 of 2