CloudCNM SecuManager
by Zyxel
CVEs (37)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-15339 | 0.00 | — | 0.00 | Jun 26, 2020 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows live/CPEManager/AXCampaignManager/handle_campaign_script_link?script_name= XSS. | |||
| CVE-2020-15340 | 0.00 | — | 0.00 | Jun 26, 2020 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded opt/axess/AXAssets/default_axess/axess/TR69/Handlers/turbolink/sshkeys/id_rsa SSH key. | |||
| CVE-2020-15341 | 0.00 | — | 0.00 | Jun 26, 2020 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated update_all_realm_license API. | |||
| CVE-2020-15342 | 0.00 | — | 0.00 | Jun 26, 2020 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_install_user API. | |||
| CVE-2020-15343 | 0.00 | — | 0.00 | Jun 26, 2020 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_install_user_key API. | |||
| CVE-2020-15344 | 0.00 | — | 0.00 | Jun 26, 2020 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_get_user_id_and_key API. | |||
| CVE-2020-15345 | 0.00 | — | 0.00 | Jun 26, 2020 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_get_instances_for_update API. | |||
| CVE-2020-15346 | 0.00 | — | 0.00 | Jun 26, 2020 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a /live/GLOBALS API with the CLOUDCNM key. | |||
| CVE-2020-15347 | 0.00 | — | 0.01 | Jun 26, 2020 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the q6xV4aW8bQ4cfD-b password for the axiros account. | |||
| CVE-2020-15325 | 0.00 | — | 0.00 | Jun 26, 2020 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded Erlang cookie for ejabberd replication. | |||
| CVE-2020-15326 | 0.00 | — | 0.00 | Jun 26, 2020 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded certificate for Ejabberd in ejabberd.pem. | |||
| CVE-2020-15327 | 0.00 | — | 0.00 | Jun 26, 2020 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 uses ZODB storage without authentication. | |||
| CVE-2020-15328 | 0.00 | — | 0.00 | Jun 26, 2020 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/var/blobstorage/ permissions. | |||
| CVE-2020-15329 | 0.00 | — | 0.00 | Jun 26, 2020 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak Data.fs permissions. | |||
| CVE-2020-15330 | 0.00 | — | 0.00 | Jun 26, 2020 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded APP_KEY in /opt/axess/etc/default/axess. | |||
| CVE-2020-15331 | 0.00 | — | 0.00 | Jun 26, 2020 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded OAUTH_SECRET_KEY in /opt/axess/etc/default/axess. | |||
| CVE-2020-15348 | 0.00 | — | 0.01 | Jun 26, 2020 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows use of live/CPEManager/AXCampaignManager/delete_cpes_by_ids?cpe_ids= for eval injection of Python code. |
- CVE-2020-15339Jun 26, 2020risk 0.00cvss —epss 0.00
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows live/CPEManager/AXCampaignManager/handle_campaign_script_link?script_name= XSS.
- CVE-2020-15340Jun 26, 2020risk 0.00cvss —epss 0.00
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded opt/axess/AXAssets/default_axess/axess/TR69/Handlers/turbolink/sshkeys/id_rsa SSH key.
- CVE-2020-15341Jun 26, 2020risk 0.00cvss —epss 0.00
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated update_all_realm_license API.
- CVE-2020-15342Jun 26, 2020risk 0.00cvss —epss 0.00
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_install_user API.
- CVE-2020-15343Jun 26, 2020risk 0.00cvss —epss 0.00
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_install_user_key API.
- CVE-2020-15344Jun 26, 2020risk 0.00cvss —epss 0.00
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_get_user_id_and_key API.
- CVE-2020-15345Jun 26, 2020risk 0.00cvss —epss 0.00
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_get_instances_for_update API.
- CVE-2020-15346Jun 26, 2020risk 0.00cvss —epss 0.00
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a /live/GLOBALS API with the CLOUDCNM key.
- CVE-2020-15347Jun 26, 2020risk 0.00cvss —epss 0.01
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the q6xV4aW8bQ4cfD-b password for the axiros account.
- CVE-2020-15325Jun 26, 2020risk 0.00cvss —epss 0.00
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded Erlang cookie for ejabberd replication.
- CVE-2020-15326Jun 26, 2020risk 0.00cvss —epss 0.00
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded certificate for Ejabberd in ejabberd.pem.
- CVE-2020-15327Jun 26, 2020risk 0.00cvss —epss 0.00
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 uses ZODB storage without authentication.
- CVE-2020-15328Jun 26, 2020risk 0.00cvss —epss 0.00
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/var/blobstorage/ permissions.
- CVE-2020-15329Jun 26, 2020risk 0.00cvss —epss 0.00
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak Data.fs permissions.
- CVE-2020-15330Jun 26, 2020risk 0.00cvss —epss 0.00
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded APP_KEY in /opt/axess/etc/default/axess.
- CVE-2020-15331Jun 26, 2020risk 0.00cvss —epss 0.00
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded OAUTH_SECRET_KEY in /opt/axess/etc/default/axess.
- CVE-2020-15348Jun 26, 2020risk 0.00cvss —epss 0.01
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows use of live/CPEManager/AXCampaignManager/delete_cpes_by_ids?cpe_ids= for eval injection of Python code.
Page 2 of 2