Max CVSS | 10.0 | Min CVSS | 4.3 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2020-15329 | None |
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak Data.fs permissions.
|
27-10-2022 - 17:45 | 29-09-2022 - 03:15 | |
CVE-2020-15326 | None |
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded certificate for Ejabberd in ejabberd.pem.
|
27-10-2022 - 17:44 | 29-09-2022 - 03:15 | |
CVE-2020-15328 | None |
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/var/blobstorage/ permissions.
|
27-10-2022 - 17:44 | 29-09-2022 - 03:15 | |
CVE-2020-15325 | None |
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded Erlang cookie for ejabberd replication.
|
27-10-2022 - 17:44 | 29-09-2022 - 03:15 | |
CVE-2020-15327 | None |
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 uses ZODB storage without authentication.
|
27-10-2022 - 17:44 | 29-09-2022 - 03:15 | |
CVE-2020-15331 | None |
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded OAUTH_SECRET_KEY in /opt/axess/etc/default/axess.
|
27-10-2022 - 17:35 | 29-09-2022 - 03:15 | |
CVE-2020-15332 | None |
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/etc/default/axess permissions.
|
27-10-2022 - 17:35 | 29-09-2022 - 03:15 | |
CVE-2020-15334 | None |
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows escape-sequence injection into the /var/log/axxmpp.log file.
|
27-10-2022 - 17:35 | 29-09-2022 - 03:15 | |
CVE-2020-15333 | None |
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows attackers to discover accounts via MySQL "select * from Administrator_users" and "select * from Users_users" requests.
|
27-10-2022 - 17:35 | 29-09-2022 - 03:15 | |
CVE-2020-15337 | None |
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request Method With Sensitive Query Strings" issue for /registerCpe requests.
|
27-10-2022 - 17:35 | 29-09-2022 - 03:15 | |
CVE-2020-15330 | None |
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded APP_KEY in /opt/axess/etc/default/axess.
|
27-10-2022 - 17:34 | 29-09-2022 - 03:15 | |
CVE-2020-15344 | None |
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_get_user_id_and_key API.
|
27-10-2022 - 17:33 | 29-09-2022 - 03:15 | |
CVE-2020-15340 | None |
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded opt/axess/AXAssets/default_axess/axess/TR69/Handlers/turbolink/sshkeys/id_rsa SSH key.
|
27-10-2022 - 17:32 | 29-09-2022 - 03:15 | |
CVE-2020-15339 | None |
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows live/CPEManager/AXCampaignManager/handle_campaign_script_link?script_name= XSS.
|
27-10-2022 - 17:32 | 29-09-2022 - 03:15 | |
CVE-2020-15342 | None |
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_install_user API.
|
27-10-2022 - 17:32 | 29-09-2022 - 03:15 | |
CVE-2020-15343 | None |
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_install_user_key API.
|
27-10-2022 - 17:32 | 29-09-2022 - 03:15 | |
CVE-2020-15338 | None |
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request Method With Sensitive Query Strings" issue for /cnr requests.
|
27-10-2022 - 17:31 | 29-09-2022 - 03:15 | |
CVE-2020-15346 | None |
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a /live/GLOBALS API with the CLOUDCNM key.
|
27-10-2022 - 17:30 | 29-09-2022 - 03:15 | |
CVE-2020-15345 | None |
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_get_instances_for_update API.
|
27-10-2022 - 17:30 | 29-09-2022 - 03:15 | |
CVE-2020-15347 | None |
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the q6xV4aW8bQ4cfD-b password for the axiros account.
|
27-10-2022 - 17:30 | 29-09-2022 - 03:15 | |
CVE-2020-15341 | None |
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated update_all_realm_license API.
|
27-10-2022 - 17:16 | 29-09-2022 - 03:15 | |
CVE-2020-15336 | 5.0 |
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for /cnr requests.
|
17-07-2022 - 12:44 | 26-06-2020 - 15:15 | |
CVE-2020-15335 | 5.0 |
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for /registerCpe requests.
|
17-07-2022 - 12:44 | 26-06-2020 - 15:15 | |
CVE-2020-15348 | 10.0 |
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows use of live/CPEManager/AXCampaignManager/delete_cpes_by_ids?cpe_ids= for eval injection of Python code.
|
21-07-2021 - 11:39 | 26-06-2020 - 14:15 | |
CVE-2020-15323 | 7.5 |
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the cloud1234 password for the a1@chopin account default credentials.
|
06-07-2020 - 17:56 | 29-06-2020 - 16:15 | |
CVE-2020-15322 | 7.5 |
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the wbboEZ4BN3ssxAfM hardcoded password for the debian-sys-maint account.
|
06-07-2020 - 17:52 | 29-06-2020 - 16:15 | |
CVE-2020-15318 | 4.3 |
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key for the root account within the /opt/mysql chroot directory tree.
|
06-07-2020 - 17:49 | 29-06-2020 - 16:15 | |
CVE-2020-15321 | 7.5 |
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axzyxel password for the livedbuser account.
|
06-07-2020 - 17:46 | 29-06-2020 - 16:15 | |
CVE-2020-15317 | 4.3 |
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account within the /opt/axess chroot directory tree.
|
06-07-2020 - 17:36 | 29-06-2020 - 16:15 | |
CVE-2020-15316 | 4.3 |
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded ECDSA SSH key for the root account within the /opt/axess chroot directory tree.
|
06-07-2020 - 17:28 | 29-06-2020 - 16:15 | |
CVE-2020-15315 | 4.3 |
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key for the root account within the /opt/axess chroot directory tree.
|
06-07-2020 - 17:05 | 29-06-2020 - 16:15 | |
CVE-2020-15324 | 7.5 |
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a world-readable axess/opt/axXMPPHandler/config/xmpp_config.py file that stores hardcoded credentials.
|
06-07-2020 - 15:05 | 29-06-2020 - 16:15 | |
CVE-2020-15314 | 4.3 |
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account.
|
02-07-2020 - 19:25 | 29-06-2020 - 15:15 | |
CVE-2020-15319 | 4.3 |
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account within the /opt/mysql chroot directory tree.
|
02-07-2020 - 19:23 | 29-06-2020 - 16:15 | |
CVE-2020-15320 | 7.5 |
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axiros password for the root account.
|
02-07-2020 - 19:18 | 29-06-2020 - 16:15 | |
CVE-2020-15313 | 4.3 |
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded ECDSA SSH key for the root account.
|
02-07-2020 - 18:09 | 29-06-2020 - 15:15 | |
CVE-2020-15312 | 4.3 |
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key for the root account.
|
02-07-2020 - 17:43 | 29-06-2020 - 15:15 |