CloudCNM SecuManager
by Zyxel
CVEs (37)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-15324 | 0.00 | — | 0.01 | Jun 29, 2020 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a world-readable axess/opt/axXMPPHandler/config/xmpp_config.py file that stores hardcoded credentials. | |||
| CVE-2020-15323 | 0.00 | — | 0.01 | Jun 29, 2020 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the cloud1234 password for the a1@chopin account default credentials. | |||
| CVE-2020-15322 | 0.00 | — | 0.01 | Jun 29, 2020 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the wbboEZ4BN3ssxAfM hardcoded password for the debian-sys-maint account. | |||
| CVE-2020-15321 | 0.00 | — | 0.01 | Jun 29, 2020 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axzyxel password for the livedbuser account. | |||
| CVE-2020-15320 | 0.00 | — | 0.01 | Jun 29, 2020 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axiros password for the root account. | |||
| CVE-2020-15319 | 0.00 | — | 0.00 | Jun 29, 2020 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account within the /opt/mysql chroot directory tree. | |||
| CVE-2020-15318 | 0.00 | — | 0.00 | Jun 29, 2020 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key for the root account within the /opt/mysql chroot directory tree. | |||
| CVE-2020-15317 | 0.00 | — | 0.00 | Jun 29, 2020 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account within the /opt/axess chroot directory tree. | |||
| CVE-2020-15316 | 0.00 | — | 0.00 | Jun 29, 2020 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded ECDSA SSH key for the root account within the /opt/axess chroot directory tree. | |||
| CVE-2020-15315 | 0.00 | — | 0.00 | Jun 29, 2020 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key for the root account within the /opt/axess chroot directory tree. | |||
| CVE-2020-15314 | 0.00 | — | 0.00 | Jun 29, 2020 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account. | |||
| CVE-2020-15313 | 0.00 | — | 0.00 | Jun 29, 2020 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded ECDSA SSH key for the root account. | |||
| CVE-2020-15312 | 0.00 | — | 0.00 | Jun 29, 2020 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key for the root account. | |||
| CVE-2020-15332 | 0.00 | — | 0.00 | Jun 26, 2020 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/etc/default/axess permissions. | |||
| CVE-2020-15333 | 0.00 | — | 0.00 | Jun 26, 2020 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows attackers to discover accounts via MySQL "select * from Administrator_users" and "select * from Users_users" requests. | |||
| CVE-2020-15334 | 0.00 | — | 0.00 | Jun 26, 2020 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows escape-sequence injection into the /var/log/axxmpp.log file. | |||
| CVE-2020-15335 | 0.00 | — | 0.00 | Jun 26, 2020 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for /registerCpe requests. | |||
| CVE-2020-15336 | 0.00 | — | 0.00 | Jun 26, 2020 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for /cnr requests. | |||
| CVE-2020-15337 | 0.00 | — | 0.00 | Jun 26, 2020 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request Method With Sensitive Query Strings" issue for /registerCpe requests. | |||
| CVE-2020-15338 | 0.00 | — | 0.00 | Jun 26, 2020 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request Method With Sensitive Query Strings" issue for /cnr requests. |
- CVE-2020-15324Jun 29, 2020risk 0.00cvss —epss 0.01
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a world-readable axess/opt/axXMPPHandler/config/xmpp_config.py file that stores hardcoded credentials.
- CVE-2020-15323Jun 29, 2020risk 0.00cvss —epss 0.01
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the cloud1234 password for the a1@chopin account default credentials.
- CVE-2020-15322Jun 29, 2020risk 0.00cvss —epss 0.01
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the wbboEZ4BN3ssxAfM hardcoded password for the debian-sys-maint account.
- CVE-2020-15321Jun 29, 2020risk 0.00cvss —epss 0.01
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axzyxel password for the livedbuser account.
- CVE-2020-15320Jun 29, 2020risk 0.00cvss —epss 0.01
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axiros password for the root account.
- CVE-2020-15319Jun 29, 2020risk 0.00cvss —epss 0.00
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account within the /opt/mysql chroot directory tree.
- CVE-2020-15318Jun 29, 2020risk 0.00cvss —epss 0.00
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key for the root account within the /opt/mysql chroot directory tree.
- CVE-2020-15317Jun 29, 2020risk 0.00cvss —epss 0.00
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account within the /opt/axess chroot directory tree.
- CVE-2020-15316Jun 29, 2020risk 0.00cvss —epss 0.00
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded ECDSA SSH key for the root account within the /opt/axess chroot directory tree.
- CVE-2020-15315Jun 29, 2020risk 0.00cvss —epss 0.00
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key for the root account within the /opt/axess chroot directory tree.
- CVE-2020-15314Jun 29, 2020risk 0.00cvss —epss 0.00
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account.
- CVE-2020-15313Jun 29, 2020risk 0.00cvss —epss 0.00
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded ECDSA SSH key for the root account.
- CVE-2020-15312Jun 29, 2020risk 0.00cvss —epss 0.00
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key for the root account.
- CVE-2020-15332Jun 26, 2020risk 0.00cvss —epss 0.00
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/etc/default/axess permissions.
- CVE-2020-15333Jun 26, 2020risk 0.00cvss —epss 0.00
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows attackers to discover accounts via MySQL "select * from Administrator_users" and "select * from Users_users" requests.
- CVE-2020-15334Jun 26, 2020risk 0.00cvss —epss 0.00
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows escape-sequence injection into the /var/log/axxmpp.log file.
- CVE-2020-15335Jun 26, 2020risk 0.00cvss —epss 0.00
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for /registerCpe requests.
- CVE-2020-15336Jun 26, 2020risk 0.00cvss —epss 0.00
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for /cnr requests.
- CVE-2020-15337Jun 26, 2020risk 0.00cvss —epss 0.00
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request Method With Sensitive Query Strings" issue for /registerCpe requests.
- CVE-2020-15338Jun 26, 2020risk 0.00cvss —epss 0.00
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request Method With Sensitive Query Strings" issue for /cnr requests.
Page 1 of 2