Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Zyxel Subscribe
Filtered by product Cloudcnm Secumanager
Total 35 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-15329 1 Zyxel 1 Cloudcnm Secumanager 2022-10-27 N/A 5.3 MEDIUM
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak Data.fs permissions.
CVE-2020-15325 1 Zyxel 1 Cloudcnm Secumanager 2022-10-27 N/A 5.3 MEDIUM
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded Erlang cookie for ejabberd replication.
CVE-2020-15328 1 Zyxel 1 Cloudcnm Secumanager 2022-10-27 N/A 5.3 MEDIUM
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/var/blobstorage/ permissions.
CVE-2020-15327 1 Zyxel 1 Cloudcnm Secumanager 2022-10-27 N/A 7.5 HIGH
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 uses ZODB storage without authentication.
CVE-2020-15326 1 Zyxel 1 Cloudcnm Secumanager 2022-10-27 N/A 5.3 MEDIUM
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded certificate for Ejabberd in ejabberd.pem.
CVE-2020-15333 1 Zyxel 1 Cloudcnm Secumanager 2022-10-27 N/A 5.3 MEDIUM
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows attackers to discover accounts via MySQL "select * from Administrator_users" and "select * from Users_users" requests.
CVE-2020-15331 1 Zyxel 1 Cloudcnm Secumanager 2022-10-27 N/A 9.8 CRITICAL
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded OAUTH_SECRET_KEY in /opt/axess/etc/default/axess.
CVE-2020-15332 1 Zyxel 1 Cloudcnm Secumanager 2022-10-27 N/A 9.8 CRITICAL
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/etc/default/axess permissions.
CVE-2020-15334 1 Zyxel 1 Cloudcnm Secumanager 2022-10-27 N/A 5.3 MEDIUM
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows escape-sequence injection into the /var/log/axxmpp.log file.
CVE-2020-15337 1 Zyxel 1 Cloudcnm Secumanager 2022-10-27 N/A 5.3 MEDIUM
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request Method With Sensitive Query Strings" issue for /registerCpe requests.
CVE-2020-15330 1 Zyxel 1 Cloudcnm Secumanager 2022-10-27 N/A 5.3 MEDIUM
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded APP_KEY in /opt/axess/etc/default/axess.
CVE-2020-15344 1 Zyxel 1 Cloudcnm Secumanager 2022-10-27 N/A 5.3 MEDIUM
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_get_user_id_and_key API.
CVE-2020-15343 1 Zyxel 1 Cloudcnm Secumanager 2022-10-27 N/A 5.3 MEDIUM
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_install_user_key API.
CVE-2020-15340 1 Zyxel 1 Cloudcnm Secumanager 2022-10-27 N/A 7.5 HIGH
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded opt/axess/AXAssets/default_axess/axess/TR69/Handlers/turbolink/sshkeys/id_rsa SSH key.
CVE-2020-15339 1 Zyxel 1 Cloudcnm Secumanager 2022-10-27 N/A 6.1 MEDIUM
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows live/CPEManager/AXCampaignManager/handle_campaign_script_link?script_name= XSS.
CVE-2020-15342 1 Zyxel 1 Cloudcnm Secumanager 2022-10-27 N/A 5.3 MEDIUM
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_install_user API.
CVE-2020-15338 1 Zyxel 1 Cloudcnm Secumanager 2022-10-27 N/A 5.3 MEDIUM
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request Method With Sensitive Query Strings" issue for /cnr requests.
CVE-2020-15346 1 Zyxel 1 Cloudcnm Secumanager 2022-10-27 N/A 5.3 MEDIUM
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a /live/GLOBALS API with the CLOUDCNM key.
CVE-2020-15347 1 Zyxel 1 Cloudcnm Secumanager 2022-10-27 N/A 9.8 CRITICAL
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the q6xV4aW8bQ4cfD-b password for the axiros account.
CVE-2020-15345 1 Zyxel 1 Cloudcnm Secumanager 2022-10-27 N/A 5.3 MEDIUM
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_get_instances_for_update API.