12 matches found
The vulnerability of the Cloud Management mode of the Zyxel USG FLEX, USG FLEX 50(W), USG20(W)-VPN, ATP, and VPN software allows a hacker to execute arbitrary commands.
The vulnerability of the Cloud Management mode of Zyxel USG FLEX, USG FLEX 50W, USG20W-VPN, ATP, and VPN software lies in the lack of measures taken to neutralize the special elements used in the operating system. Exploiting this vulnerability allows a remote attacker to execute arbitrary command...
The vulnerability of the CPE WAN Management Protocol (TR-069) software implementation for centralized device management in the Zyxel Cloud network, enabled by SecuManager, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the CPE WAN Management Protocol TR-069 software for centralized device management in the Zyxel Cloud environment is related to the use of strictly encrypted credentials during the processing of SSH keys. The exploit allows an attacker to gain unauthorized access to protected...
The vulnerability of software for centralized device management in the Zyxel Cloud network lies in the lack of protective measures for SQL query structures, allowing attackers to gain unauthorized access to protected information.
The vulnerability of the software for centralized device management in the Zyxel Cloud network is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker to gain unauthorized access to protected information through MySQL queries lik...
The vulnerability of software for centralized device management in the Zyxel Cloud network lies in the unencrypted storage of user credentials, allowing attackers to gain unauthorized access to protected information.
The vulnerability of the software for centralized device management in the Zyxel Cloud network is related to the unencrypted storage of user credentials. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
The vulnerability of software for centralized device management in the Zyxel Cloud network lies in the insufficient protection of user credentials, allowing attackers to gain full access to devices in the network.
The vulnerability of the software for centralized device management in the Zyxel Cloud network is related to insufficient protection of user credentials. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain full access to devices in the network...
The vulnerability of the /opt/axess/etc/default/axess software for network device centralized management in Zyxel Cloud CNM SecuManager allows a perpetrator to gain full access to devices in the network.
The vulnerability of the /opt/axess/etc/default/axess software for network device centralized management in Zyxel CloudCNM SecuManager lies in the unencrypted storage of user credentials. Exploiting this vulnerability could allow a malicious actor to gain full access to network devices remotely...
CVE-2020-15347
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the q6xV4aW8bQ4cfD-b password for the axiros account...
ZyXEL CloudCNM SecuManager Trust Management Issue Vulnerability (CNVD-2020-36760)
ZyXEL CloudCNM SecuManager is a set of network management software from Taiwan, China-based ZyXEL. The software supports centralized control, device management and intelligent monitoring. A trust management issue vulnerability exists in ZyXEL CloudCNM SecuManager versions 3.1.0 and 3.1.1. A remote...
PT-2020-14366 · Zyxel · Zyxel Cloudcnm Secumanager
Name of the Vulnerable Software and Affected Versions: Zyxel CloudCNM SecuManager versions 3.1.0 through 3.1.1 Description: The issue concerns a hardcoded APP KEY located in the /opt/axess/etc/default/axess file. Recommendations: For versions 3.1.0 and 3.1.1, consider removing or modifying the...
Hoaxcalls Botnet Exploits Symantec Secure Web Gateways
Cyberattackers are targeting a post-authentication remote code-execution vulnerability in Symantec Secure Web Gateways as part of new Mirai and Hoaxcalls botnet attacks. Hoaxcalls first emerged in late March, as a variant of the Gafgyt/Bashlite family; it’s named after the domain used to host its...
Zyxel CNM SecuManager 3.1.0 / 3.1.1 Hardcoded Keys / XSS / Code Execution
Hello, Please find a text-only version below sent to security mailing lists. The HTML version on "Multiple vulnerabilities found in Zyxel CNM SecuManager" is posted here: https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html === text-version of the advisory ===...
ZyXEL Cloud CNM SecuManager Unauthorized Remote Code Execution Vulnerability
Zyxel Cloud CNM SecuManager is a full-featured network management software that provides an integrated console to monitor and manage security grids, including the ZyWALL USG and VPN series. An unauthorized remote code execution vulnerability exists in Zyxel Cloud CNM SecuManager, which can be...