Latest Zyxel CloudCNM SecuManager Vulnerabilities

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak Data.fs permissions.
Zyxel CloudCNM SecuManager=3.1.0
Zyxel CloudCNM SecuManager=3.1.1
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_get_user_id_and_key API.
Zyxel CloudCNM SecuManager=3.1.0
Zyxel CloudCNM SecuManager=3.1.1
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the q6xV4aW8bQ4cfD-b password for the axiros account.
Zyxel CloudCNM SecuManager=3.1.0
Zyxel CloudCNM SecuManager=3.1.1
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded APP_KEY in /opt/axess/etc/default/axess.
Zyxel CloudCNM SecuManager=3.1.0
Zyxel CloudCNM SecuManager=3.1.1
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a /live/GLOBALS API with the CLOUDCNM key.
Zyxel CloudCNM SecuManager=3.1.0
Zyxel CloudCNM SecuManager=3.1.1
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request Method With Sensitive Query Strings" issue for /registerCpe requests.
Zyxel CloudCNM SecuManager=3.1.0
Zyxel CloudCNM SecuManager=3.1.1
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/var/blobstorage/ permissions.
Zyxel CloudCNM SecuManager=3.1.0
Zyxel CloudCNM SecuManager=3.1.1
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 uses ZODB storage without authentication.
Zyxel CloudCNM SecuManager=3.1.0
Zyxel CloudCNM SecuManager=3.1.1
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows live/CPEManager/AXCampaignManager/handle_campaign_script_link?script_name= XSS.
Zyxel CloudCNM SecuManager=3.1.0
Zyxel CloudCNM SecuManager=3.1.1
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded opt/axess/AXAssets/default_axess/axess/TR69/Handlers/turbolink/sshkeys/id_rsa SSH key.
Zyxel CloudCNM SecuManager=3.1.0
Zyxel CloudCNM SecuManager=3.1.1
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows escape-sequence injection into the /var/log/axxmpp.log file.
Zyxel CloudCNM SecuManager=3.1.0
Zyxel CloudCNM SecuManager=3.1.1
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/etc/default/axess permissions.
Zyxel CloudCNM SecuManager=3.1.0
Zyxel CloudCNM SecuManager=3.1.1
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request Method With Sensitive Query Strings" issue for /cnr requests.
Zyxel CloudCNM SecuManager=3.1.0
Zyxel CloudCNM SecuManager=3.1.1
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows attackers to discover accounts via MySQL "select * from Administrator_users" and "select * from Users_users" requests.
Zyxel CloudCNM SecuManager=3.1.0
Zyxel CloudCNM SecuManager=3.1.1
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated update_all_realm_license API.
Zyxel CloudCNM SecuManager=3.1.0
Zyxel CloudCNM SecuManager=3.1.1
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_install_user_key API.
Zyxel CloudCNM SecuManager=3.1.0
Zyxel CloudCNM SecuManager=3.1.1
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_install_user API.
Zyxel CloudCNM SecuManager=3.1.0
Zyxel CloudCNM SecuManager=3.1.1
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_get_instances_for_update API.
Zyxel CloudCNM SecuManager=3.1.0
Zyxel CloudCNM SecuManager=3.1.1
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded OAUTH_SECRET_KEY in /opt/axess/etc/default/axess.
Zyxel CloudCNM SecuManager=3.1.0
Zyxel CloudCNM SecuManager=3.1.1
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded Erlang cookie for ejabberd replication.
Zyxel CloudCNM SecuManager=3.1.0
Zyxel CloudCNM SecuManager=3.1.1
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded certificate for Ejabberd in ejabberd.pem.
Zyxel CloudCNM SecuManager=3.1.0
Zyxel CloudCNM SecuManager=3.1.1
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axzyxel password for the livedbuser account.
Zyxel CloudCNM SecuManager=3.1.0
Zyxel CloudCNM SecuManager=3.1.1
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the wbboEZ4BN3ssxAfM hardcoded password for the debian-sys-maint account.
Zyxel CloudCNM SecuManager=3.1.0
Zyxel CloudCNM SecuManager=3.1.1
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the cloud1234 password for the a1@chopin account default credentials.
Zyxel CloudCNM SecuManager=3.1.0
Zyxel CloudCNM SecuManager=3.1.1
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded ECDSA SSH key for the root account within the /opt/axess chroot directory tree.
Zyxel CloudCNM SecuManager=3.1.0
Zyxel CloudCNM SecuManager=3.1.1
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axiros password for the root account.
Zyxel CloudCNM SecuManager=3.1.0
Zyxel CloudCNM SecuManager=3.1.1
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key for the root account within the /opt/axess chroot directory tree.
Zyxel CloudCNM SecuManager=3.1.0
Zyxel CloudCNM SecuManager=3.1.1
Zyxel CloudCNM SecuManager=3.1.0
Zyxel CloudCNM SecuManager=3.1.1
Zyxel CloudCNM SecuManager=3.1.0
Zyxel CloudCNM SecuManager=3.1.1
Zyxel CloudCNM SecuManager=3.1.0
Zyxel CloudCNM SecuManager=3.1.1
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key for the root account.
Zyxel CloudCNM SecuManager=3.1.0
Zyxel CloudCNM SecuManager=3.1.1
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account.
Zyxel CloudCNM SecuManager=3.1.0
Zyxel CloudCNM SecuManager=3.1.1
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded ECDSA SSH key for the root account.
Zyxel CloudCNM SecuManager=3.1.0
Zyxel CloudCNM SecuManager=3.1.1
Zyxel CloudCNM SecuManager=3.1.0
Zyxel CloudCNM SecuManager=3.1.1
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for /registerCpe requests.
Zyxel CloudCNM SecuManager=3.1.0
Zyxel CloudCNM SecuManager=3.1.1
