CloudCNM SecuManager
by Zyxel
CVEs (37)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-15314 | Med | 0.38 | 5.9 | 0.01 | Jun 29, 2020 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account. | ||
| CVE-2020-15313 | Med | 0.38 | 5.9 | 0.01 | Jun 29, 2020 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded ECDSA SSH key for the root account. | ||
| CVE-2020-15312 | Med | 0.38 | 5.9 | 0.01 | Jun 29, 2020 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key for the root account. | ||
| CVE-2020-15338 | Med | 0.35 | 5.3 | 0.01 | Sep 29, 2022 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request Method With Sensitive Query Strings" issue for /cnr requests. | ||
| CVE-2020-15337 | Med | 0.35 | 5.3 | 0.01 | Sep 29, 2022 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request Method With Sensitive Query Strings" issue for /registerCpe requests. | ||
| CVE-2020-15334 | Med | 0.35 | 5.3 | 0.01 | Sep 29, 2022 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows escape-sequence injection into the /var/log/axxmpp.log file. | ||
| CVE-2020-15333 | Med | 0.35 | 5.3 | 0.01 | Sep 29, 2022 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows attackers to discover accounts via MySQL "select * from Administrator_users" and "select * from Users_users" requests. | ||
| CVE-2020-15329 | Med | 0.35 | 5.3 | 0.01 | Sep 29, 2022 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak Data.fs permissions. | ||
| CVE-2020-15328 | Med | 0.35 | 5.3 | 0.01 | Sep 29, 2022 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/var/blobstorage/ permissions. | ||
| CVE-2020-15346 | Med | 0.34 | 5.3 | 0.01 | Sep 29, 2022 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a /live/GLOBALS API with the CLOUDCNM key. | ||
| CVE-2020-15345 | Med | 0.34 | 5.3 | 0.01 | Sep 29, 2022 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_get_instances_for_update API. | ||
| CVE-2020-15344 | Med | 0.34 | 5.3 | 0.01 | Sep 29, 2022 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_get_user_id_and_key API. | ||
| CVE-2020-15343 | Med | 0.34 | 5.3 | 0.01 | Sep 29, 2022 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_install_user_key API. | ||
| CVE-2020-15342 | Med | 0.34 | 5.3 | 0.01 | Sep 29, 2022 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_install_user API. | ||
| CVE-2020-15330 | Med | 0.34 | 5.3 | 0.01 | Sep 29, 2022 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded APP_KEY in /opt/axess/etc/default/axess. | ||
| CVE-2020-15326 | Med | 0.34 | 5.3 | 0.01 | Sep 29, 2022 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded certificate for Ejabberd in ejabberd.pem. | ||
| CVE-2020-15325 | Med | 0.34 | 5.3 | 0.01 | Sep 29, 2022 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded Erlang cookie for ejabberd replication. |
- risk 0.38cvss 5.9epss 0.01
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account.
- risk 0.38cvss 5.9epss 0.01
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded ECDSA SSH key for the root account.
- risk 0.38cvss 5.9epss 0.01
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key for the root account.
- risk 0.35cvss 5.3epss 0.01
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request Method With Sensitive Query Strings" issue for /cnr requests.
- risk 0.35cvss 5.3epss 0.01
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request Method With Sensitive Query Strings" issue for /registerCpe requests.
- risk 0.35cvss 5.3epss 0.01
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows escape-sequence injection into the /var/log/axxmpp.log file.
- risk 0.35cvss 5.3epss 0.01
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows attackers to discover accounts via MySQL "select * from Administrator_users" and "select * from Users_users" requests.
- risk 0.35cvss 5.3epss 0.01
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak Data.fs permissions.
- risk 0.35cvss 5.3epss 0.01
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/var/blobstorage/ permissions.
- risk 0.34cvss 5.3epss 0.01
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a /live/GLOBALS API with the CLOUDCNM key.
- risk 0.34cvss 5.3epss 0.01
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_get_instances_for_update API.
- risk 0.34cvss 5.3epss 0.01
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_get_user_id_and_key API.
- risk 0.34cvss 5.3epss 0.01
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_install_user_key API.
- risk 0.34cvss 5.3epss 0.01
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_install_user API.
- risk 0.34cvss 5.3epss 0.01
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded APP_KEY in /opt/axess/etc/default/axess.
- risk 0.34cvss 5.3epss 0.01
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded certificate for Ejabberd in ejabberd.pem.
- risk 0.34cvss 5.3epss 0.01
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded Erlang cookie for ejabberd replication.
Page 2 of 2