Cloudcnm Secumanager

cloudcnm_secumanager

Vendor: Zyxel • 35 CVEs

CVEs (35)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-15347 1Zyxel 1Cloudcnm Secumanager Nov 21, 2024 Sep 29, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the q6xV4aW8bQ4cfD-b password for the axiros account.
CVE-2020-15346 1Zyxel 1Cloudcnm Secumanager Nov 21, 2024 Sep 29, 2022 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a /live/GLOBALS API with the CLOUDCNM key.
CVE-2020-15345 1Zyxel 1Cloudcnm Secumanager Nov 21, 2024 Sep 29, 2022 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_get_instances_for_update API.
CVE-2020-15344 1Zyxel 1Cloudcnm Secumanager Nov 21, 2024 Sep 29, 2022 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_get_user_id_and_key API.
CVE-2020-15343 1Zyxel 1Cloudcnm Secumanager Nov 21, 2024 Sep 29, 2022 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_install_user_key API.
CVE-2020-15342 1Zyxel 1Cloudcnm Secumanager Nov 21, 2024 Sep 29, 2022 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_install_user API.
CVE-2020-15341 1Zyxel 1Cloudcnm Secumanager Nov 21, 2024 Sep 29, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated update_all_realm_license API.
CVE-2020-15340 1Zyxel 1Cloudcnm Secumanager Nov 21, 2024 Sep 29, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded opt/axess/AXAssets/default_axess/axess/TR69/Handlers/turbolink/sshkeys/id_rsa SSH key.
CVE-2020-15339 1Zyxel 1Cloudcnm Secumanager Nov 21, 2024 Sep 29, 2022 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows live/CPEManager/AXCampaignManager/handle_campaign_script_link?script_name= XSS.
CVE-2020-15338 1Zyxel 1Cloudcnm Secumanager Nov 21, 2024 Sep 29, 2022 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request Method With Sensitive Query Strings" issue for /cnr requests.
CVE-2020-15337 1Zyxel 1Cloudcnm Secumanager Nov 21, 2024 Sep 29, 2022 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request Method With Sensitive Query Strings" issue for /registerCpe requests.
CVE-2020-15334 1Zyxel 1Cloudcnm Secumanager Nov 21, 2024 Sep 29, 2022 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows escape-sequence injection into the /var/log/axxmpp.log file.
CVE-2020-15333 1Zyxel 1Cloudcnm Secumanager Nov 21, 2024 Sep 29, 2022 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows attackers to discover accounts via MySQL "select * from Administrator_users" and "select * from Users_users" requests.
CVE-2020-15332 1Zyxel 1Cloudcnm Secumanager Nov 21, 2024 Sep 29, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/etc/default/axess permissions.
CVE-2020-15331 1Zyxel 1Cloudcnm Secumanager Nov 21, 2024 Sep 29, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded OAUTH_SECRET_KEY in /opt/axess/etc/default/axess.
CVE-2020-15330 1Zyxel 1Cloudcnm Secumanager Nov 21, 2024 Sep 29, 2022 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded APP_KEY in /opt/axess/etc/default/axess.
CVE-2020-15329 1Zyxel 1Cloudcnm Secumanager Nov 21, 2024 Sep 29, 2022 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak Data.fs permissions.
CVE-2020-15328 1Zyxel 1Cloudcnm Secumanager Nov 21, 2024 Sep 29, 2022 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/var/blobstorage/ permissions.
CVE-2020-15327 1Zyxel 1Cloudcnm Secumanager Nov 21, 2024 Sep 29, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 uses ZODB storage without authentication.
CVE-2020-15326 1Zyxel 1Cloudcnm Secumanager Nov 21, 2024 Sep 29, 2022 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded certificate for Ejabberd in ejabberd.pem.

12 Next