Cloudcnm Secumanager Security Vulnerabilities and Issues — Cloudcnm Secumanager CVE List

Lucene search

ZyxelCloudcnm Secumanager

35 matches found

CVE•added 2022/09/29 3:15 a.m.•1701 views

CVE-2020-15341

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated update_all_realm_license API.

7.5CVSS7.6AI score0.00817EPSS

CVE•added 2022/09/29 3:15 a.m.•1634 views

CVE-2020-15345

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_get_instances_for_update API.

5.3CVSS5.4AI score0.00423EPSS

CVE•added 2022/09/29 3:15 a.m.•1630 views

CVE-2020-15344

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_get_user_id_and_key API.

5.3CVSS5.4AI score0.00437EPSS

CVE•added 2022/09/29 3:15 a.m.•1622 views

CVE-2020-15343

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_install_user_key API.

5.3CVSS5.4AI score0.00437EPSS

CVE•added 2022/09/29 3:15 a.m.•1615 views

CVE-2020-15342

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_install_user API.

5.3CVSS5.4AI score0.00373EPSS

CVE•added 2022/09/29 3:15 a.m.•1534 views

CVE-2020-15346

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a /live/GLOBALS API with the CLOUDCNM key.

5.3CVSS5.3AI score0.00547EPSS

CVE•added 2020/06/29 4:15 p.m.•43 views

CVE-2020-15320

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axiros password for the root account.

9.8CVSS9.5AI score0.0051EPSS

CVE•added 2020/06/29 4:15 p.m.•35 views

CVE-2020-15321

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axzyxel password for the livedbuser account.

9.8CVSS9.5AI score0.0051EPSS

CVE•added 2022/09/29 3:15 a.m.•34 views

CVE-2020-15331

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded OAUTH_SECRET_KEY in /opt/axess/etc/default/axess.

9.8CVSS9.4AI score0.00558EPSS

CVE•added 2020/06/26 3:15 p.m.•34 views

CVE-2020-15335

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for /registerCpe requests.

7.5CVSS7.7AI score0.00217EPSS

CVE•added 2020/06/29 4:15 p.m.•33 views

CVE-2020-15317

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account within the /opt/axess chroot directory tree.

5.9CVSS5.8AI score0.00286EPSS

CVE•added 2020/06/29 4:15 p.m.•33 views

CVE-2020-15318

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key for the root account within the /opt/mysql chroot directory tree.

5.9CVSS5.8AI score0.00286EPSS

CVE•added 2020/06/29 4:15 p.m.•33 views

CVE-2020-15322

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the wbboEZ4BN3ssxAfM hardcoded password for the debian-sys-maint account.

9.8CVSS9.5AI score0.0051EPSS

CVE•added 2022/09/29 3:15 a.m.•33 views

CVE-2020-15330

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded APP_KEY in /opt/axess/etc/default/axess.

5.3CVSS5.3AI score0.00343EPSS

CVE•added 2022/09/29 3:15 a.m.•33 views

CVE-2020-15332

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/etc/default/axess permissions.

9.8CVSS9.4AI score0.00422EPSS

CVE•added 2020/06/26 3:15 p.m.•33 views

CVE-2020-15336

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for /cnr requests.

7.5CVSS7.7AI score0.00217EPSS

CVE•added 2022/09/29 3:15 a.m.•33 views

CVE-2020-15347

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the q6xV4aW8bQ4cfD-b password for the axiros account.

9.8CVSS9.6AI score0.00999EPSS

CVE•added 2020/06/29 4:15 p.m.•32 views

CVE-2020-15323

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the cloud1234 password for the a1@chopin account default credentials.

9.8CVSS9.5AI score0.0051EPSS

CVE•added 2022/09/29 3:15 a.m.•32 views

CVE-2020-15327

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 uses ZODB storage without authentication.

7.5CVSS7.5AI score0.00526EPSS

CVE•added 2022/09/29 3:15 a.m.•32 views

CVE-2020-15337

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request Method With Sensitive Query Strings" issue for /registerCpe requests.

5.3CVSS5.4AI score0.00492EPSS

CVE•added 2020/06/29 3:15 p.m.•31 views

CVE-2020-15312

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key for the root account.

5.9CVSS5.8AI score0.00286EPSS

CVE•added 2020/06/29 4:15 p.m.•31 views

CVE-2020-15316

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded ECDSA SSH key for the root account within the /opt/axess chroot directory tree.

5.9CVSS5.8AI score0.00286EPSS

CVE•added 2022/09/29 3:15 a.m.•31 views

CVE-2020-15328

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/var/blobstorage/ permissions.

5.3CVSS5.3AI score0.00492EPSS

CVE•added 2022/09/29 3:15 a.m.•30 views

CVE-2020-15334

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows escape-sequence injection into the /var/log/axxmpp.log file.

5.3CVSS5.5AI score0.00585EPSS

CVE•added 2022/09/29 3:15 a.m.•30 views

CVE-2020-15338

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request Method With Sensitive Query Strings" issue for /cnr requests.

5.3CVSS5.4AI score0.00492EPSS

CVE•added 2020/06/29 3:15 p.m.•29 views

CVE-2020-15313

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded ECDSA SSH key for the root account.

5.9CVSS5.8AI score0.00286EPSS

CVE•added 2020/06/29 4:15 p.m.•29 views

CVE-2020-15315

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key for the root account within the /opt/axess chroot directory tree.

5.9CVSS5.8AI score0.00286EPSS

CVE•added 2020/06/29 4:15 p.m.•29 views

CVE-2020-15319

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account within the /opt/mysql chroot directory tree.

5.9CVSS5.8AI score0.00286EPSS

CVE•added 2022/09/29 3:15 a.m.•29 views

CVE-2020-15326

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded certificate for Ejabberd in ejabberd.pem.

5.3CVSS5.3AI score0.00559EPSS

CVE•added 2022/09/29 3:15 a.m.•29 views

CVE-2020-15333

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows attackers to discover accounts via MySQL "select * from Administrator_users" and "select * from Users_users" requests.

5.3CVSS5.2AI score0.00918EPSS

CVE•added 2020/06/29 3:15 p.m.•28 views

CVE-2020-15314

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account.

5.9CVSS5.8AI score0.00286EPSS

CVE•added 2022/09/29 3:15 a.m.•28 views

CVE-2020-15339

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows live/CPEManager/AXCampaignManager/handle_campaign_script_link?script_name= XSS.

6.1CVSS6.3AI score0.00687EPSS

CVE•added 2022/09/29 3:15 a.m.•28 views

CVE-2020-15340

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded opt/axess/AXAssets/default_axess/axess/TR69/Handlers/turbolink/sshkeys/id_rsa SSH key.

7.5CVSS7.5AI score0.00377EPSS

CVE•added 2022/09/29 3:15 a.m.•27 views

CVE-2020-15325

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded Erlang cookie for ejabberd replication.

5.3CVSS5.3AI score0.00343EPSS

CVE•added 2022/09/29 3:15 a.m.•24 views

CVE-2020-15329

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak Data.fs permissions.

5.3CVSS5.3AI score0.00492EPSS