cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2020-15343,https://securityvulnerability.io/vulnerability/CVE-2020-15343,Unauthenticated API Vulnerability in Zyxel CloudCNM SecuManager,"Zyxel CloudCNM SecuManager versions 3.1.0 and 3.1.1 are susceptible to an unauthenticated API vulnerability that allows arbitrary execution of commands via the zy_install_user_key API endpoint. This vulnerability can enable attackers to gain unauthorized access to the system, potentially leading to further exploits and unauthorized data manipulation. Immediate remediation is advised to protect against potential threats.",Zyxel,Cloudcnm Secumanager,5.3,MEDIUM,0.001560000004246831,false,,false,false,false,,,false,false,,2022-09-29T03:15:00.000Z,0
CVE-2020-15334,https://securityvulnerability.io/vulnerability/CVE-2020-15334,Escape-sequence Injection Vulnerability in Zyxel CloudCNM SecuManager,"Zyxel CloudCNM SecuManager versions 3.1.0 and 3.1.1 are susceptible to escape-sequence injection, which occurs through improper handling of log files, specifically in /var/log/axxmpp.log. This vulnerability could allow attackers to manipulate log data, potentially leading to further exploitation of the system. This highlights the need for proper input validation and security practices in handling log entries.",Zyxel,Cloudcnm Secumanager,5.3,MEDIUM,0.0011500000255182385,false,,false,false,false,,,false,false,,2022-09-29T03:15:00.000Z,0
CVE-2020-15337,https://securityvulnerability.io/vulnerability/CVE-2020-15337,Sensitive Query Strings Issue in Zyxel CloudCNM SecuManager,"Zyxel CloudCNM SecuManager versions 3.1.0 and 3.1.1 are susceptible to a vulnerability that arises from the improper use of the GET request method, allowing sensitive query strings to be exposed during the /registerCpe requests. This can potentially lead to unauthorized access to sensitive information, highlighting the need for secure coding practices and better data handling mechanisms in web applications.",Zyxel,Cloudcnm Secumanager,5.3,MEDIUM,0.0013099999632686377,false,,false,false,false,,,false,false,,2022-09-29T03:15:00.000Z,0
CVE-2020-15338,https://securityvulnerability.io/vulnerability/CVE-2020-15338,GET Request Method Vulnerability in Zyxel CloudCNM SecuManager,"The Zyxel CloudCNM SecuManager versions 3.1.0 and 3.1.1 are prone to a vulnerability that exposes sensitive query string data through the use of GET requests in /cnr requests. This flaw can potentially allow unauthorized access to sensitive information, highlighting the importance of proper request handling in web applications.",Zyxel,Cloudcnm Secumanager,5.3,MEDIUM,0.0013099999632686377,false,,false,false,false,,,false,false,,2022-09-29T03:15:00.000Z,0
CVE-2020-15341,https://securityvulnerability.io/vulnerability/CVE-2020-15341,Unauthenticated API Vulnerability in Zyxel's CloudCNM SecuManager,"The Zyxel CloudCNM SecuManager allows unauthenticated access to the update_all_realm_license API in versions 3.1.0 and 3.1.1. This vulnerability could permit unauthorized users to modify licenses without authentication, leading to potential misuse of services. Organizations utilizing these versions should investigate and implement necessary security measures to mitigate this risk and protect their resources.",Zyxel,Cloudcnm Secumanager,7.5,HIGH,0.005859999917447567,false,,false,false,false,,,false,false,,2022-09-29T03:15:00.000Z,0
CVE-2020-15344,https://securityvulnerability.io/vulnerability/CVE-2020-15344,Unauthenticated API Exploit in Zyxel CloudCNM SecuManager,"The Zyxel CloudCNM SecuManager versions 3.1.0 and 3.1.1 contain an unauthenticated API endpoint, zy_get_user_id_and_key, which could allow attackers to exploit sensitive data without prior authentication. This vulnerability poses a significant risk to the integrity of user information and system security, enabling unauthorized access and potential compromise of user accounts.",Zyxel,Cloudcnm Secumanager,5.3,MEDIUM,0.001560000004246831,false,,false,false,false,,,false,false,,2022-09-29T03:15:00.000Z,0
CVE-2020-15345,https://securityvulnerability.io/vulnerability/CVE-2020-15345,Unauthenticated API Vulnerability in Zyxel CloudCNM SecuManager,The Zyxel CloudCNM SecuManager versions 3.1.0 and 3.1.1 contain a significant vulnerability that allows unauthenticated users to access the zy_get_instances_for_update API. This flaw could potentially allow attackers to retrieve sensitive information or manipulate the service's functionality without proper authorization. Organizations using these versions should implement mitigation measures immediately to secure their systems.,Zyxel,Cloudcnm Secumanager,5.3,MEDIUM,0.001560000004246831,false,,false,false,false,,,false,false,,2022-09-29T03:15:00.000Z,0
CVE-2020-15346,https://securityvulnerability.io/vulnerability/CVE-2020-15346,API Vulnerability in Zyxel CloudCNM SecuManager,"Zyxel CloudCNM SecuManager versions 3.1.0 and 3.1.1 contain a vulnerability within the /live/GLOBALS API that exposes sensitive information due to improper access controls. This issue arises from the use of the CLOUDCNM key, which, if exploited, could allow unauthorized access to critical API functionalities. Users of affected versions are advised to seek updates and implement security measures to mitigate potential risks as detailed in Zyxel's security advisory.",Zyxel,Cloudcnm Secumanager,5.3,MEDIUM,0.0013299999991431832,false,,false,false,false,,,false,false,,2022-09-29T03:15:00.000Z,0
CVE-2020-15347,https://securityvulnerability.io/vulnerability/CVE-2020-15347,Default Password Vulnerability in Zyxel CloudCNM SecuManager,"The Zyxel CloudCNM SecuManager versions 3.1.0 and 3.1.1 are exposed to a security risk due to a default password used for the axiros account. This vulnerability can allow unauthorized access to sensitive network management functions, potentially leading to further exploitation of the network infrastructure. Organizations using these versions should take immediate action to update their security settings and remove any instances of default credentials to safeguard their systems.",Zyxel,Cloudcnm Secumanager,9.8,CRITICAL,0.007819999940693378,false,,false,false,false,,,false,false,,2022-09-29T03:15:00.000Z,0
CVE-2020-15327,https://securityvulnerability.io/vulnerability/CVE-2020-15327,Unauthorized Access Vulnerability in Zyxel CloudCNM SecuManager,"The Zyxel CloudCNM SecuManager versions 3.1.0 and 3.1.1 are susceptible to a vulnerability that allows unauthorized access due to the use of ZODB storage without proper authentication mechanisms. This flaw could enable malicious users to exploit the system, potentially compromising sensitive data stored within the SecuManager. It highlights the importance of implementing robust authentication measures to protect network management processes.",Zyxel,Cloudcnm Secumanager,7.5,HIGH,0.0009200000204145908,false,,false,false,false,,,false,false,,2022-09-29T03:15:00.000Z,0
CVE-2020-15333,https://securityvulnerability.io/vulnerability/CVE-2020-15333,Account Discovery Vulnerability in Zyxel CloudCNM SecuManager,"The Zyxel CloudCNM SecuManager versions 3.1.0 and 3.1.1 are vulnerable to account discovery attacks. By exploiting specific MySQL queries, an attacker can retrieve sensitive user account information from the system. This vulnerability allows unauthorized users to execute 'select * from Administrator_users' and 'select * from Users_users' commands, potentially revealing the details of registered accounts. Organizations using these versions should prioritize remediation to secure their systems against unauthorized access.",Zyxel,Cloudcnm Secumanager,5.3,MEDIUM,0.0013099999632686377,false,,false,false,false,,,false,false,,2022-09-29T03:15:00.000Z,0
CVE-2020-15331,https://securityvulnerability.io/vulnerability/CVE-2020-15331,Hardcoded OAuth Secret Key Vulnerability in Zyxel CloudCNM SecuManager,"The Zyxel CloudCNM SecuManager versions 3.1.0 and 3.1.1 contain a hardcoded OAuth secret key located in the default configuration file. This vulnerability can lead to unauthorized access and manipulation of authentication tokens, potentially compromising the security of the affected systems. It is crucial for users of these versions to review their configurations and consider implementing mitigations, such as custom key management practices, to enhance their security posture.",Zyxel,Cloudcnm Secumanager,9.8,CRITICAL,0.007819999940693378,false,,false,false,false,,,false,false,,2022-09-29T03:15:00.000Z,0
CVE-2020-15339,https://securityvulnerability.io/vulnerability/CVE-2020-15339,Cross-Site Scripting Vulnerability in Zyxel CloudCNM SecuManager,"Zyxel CloudCNM SecuManager versions 3.1.0 and 3.1.1 have a vulnerability that allows an attacker to execute arbitrary scripts in the context of the user's session through improperly sanitized input when handling campaign script links. This could lead to data theft, session hijacking, or further attacks on the user’s system. Users are advised to update to the latest version and follow security best practices to mitigate risks.",Zyxel,Cloudcnm Secumanager,6.1,MEDIUM,0.001230000052601099,false,,false,false,false,,,false,false,,2022-09-29T03:15:00.000Z,0
CVE-2020-15342,https://securityvulnerability.io/vulnerability/CVE-2020-15342,Unauthenticated API Vulnerability in Zyxel CloudCNM SecuManager,"Zyxel's CloudCNM SecuManager versions 3.1.0 and 3.1.1 are susceptible to an unauthenticated API access vulnerability through the zy_install_user API. This security flaw allows unauthorized users to exploit the API, potentially leading to significant security risks for users and organizations utilizing the affected versions. It is critical for users to assess their deployment and apply necessary patches provided by Zyxel to mitigate this vulnerability.",Zyxel,Cloudcnm Secumanager,5.3,MEDIUM,0.0017099999822676182,false,,false,false,false,,,false,false,,2022-09-29T03:15:00.000Z,0
CVE-2020-15340,https://securityvulnerability.io/vulnerability/CVE-2020-15340,Hardcoded SSH Key Vulnerability in Zyxel CloudCNM SecuManager Software,"The Zyxel CloudCNM SecuManager versions 3.1.0 and 3.1.1 contain a hardcoded SSH key which can potentially allow unauthorized access to the system. This vulnerability can be exploited by attackers to gain remote access, compromising the integrity of the system and potentially leading to data breaches. Proper remediation steps should be taken to replace the hardcoded key and secure the system.",Zyxel,Cloudcnm Secumanager,7.5,HIGH,0.005049999803304672,false,,false,false,false,,,false,false,,2022-09-29T03:15:00.000Z,0
CVE-2020-15325,https://securityvulnerability.io/vulnerability/CVE-2020-15325,Hardcoded Erlang Cookie Vulnerability in Zyxel CloudCNM SecuManager,"The Zyxel CloudCNM SecuManager versions 3.1.0 and 3.1.1 contain a vulnerability due to a hardcoded Erlang cookie utilized for ejabberd replication. This hardcoded value may allow attackers to exploit the system, potentially gaining unauthorized access and control over the affected device. Users are advised to review their system configurations and apply necessary updates or mitigations as outlined in the vendor's security advisories.",Zyxel,Cloudcnm Secumanager,5.3,MEDIUM,0.0013099999632686377,false,,false,false,false,,,false,false,,2022-09-29T03:15:00.000Z,0
CVE-2020-15326,https://securityvulnerability.io/vulnerability/CVE-2020-15326,Hardcoded Certificate Vulnerability in Zyxel CloudCNM SecuManager,"In Zyxel CloudCNM SecuManager versions 3.1.0 and 3.1.1, a vulnerability exists due to a hardcoded certificate for Ejabberd in ejabberd.pem. This could potentially allow attackers to exploit the certificate and gain unauthorized access to sensitive communications. Organizations using the affected versions are advised to assess their security posture and consider updating to mitigate any risks associated with the use of hardcoded credentials.",Zyxel,Cloudcnm Secumanager,5.3,MEDIUM,0.0009200000204145908,false,,false,false,false,,,false,false,,2022-09-29T03:15:00.000Z,0
CVE-2020-15328,https://securityvulnerability.io/vulnerability/CVE-2020-15328,Weak Permissions in Zyxel CloudCNM SecuManager Affecting Security Posture,"The Zyxel CloudCNM SecuManager versions 3.1.0 and 3.1.1 exhibit a significant weakness in permission control regarding the /opt/axess/var/blobstorage/ directory. This weakness could allow unauthorized access to sensitive data, increasing the risk of data exposure and potential exploitation. Users of these versions should prioritize reviewing their permissions and implementing necessary security measures to safeguard their systems.",Zyxel,Cloudcnm Secumanager,5.3,MEDIUM,0.0011500000255182385,false,,false,false,false,,,false,false,,2022-09-29T03:15:00.000Z,0
CVE-2020-15329,https://securityvulnerability.io/vulnerability/CVE-2020-15329,Weak Data.fs Permissions in Zyxel CloudCNM SecuManager,"The Zyxel CloudCNM SecuManager versions 3.1.0 and 3.1.1 exhibit insufficient data permissions in the Data.fs file, which may allow unauthorized access and manipulation of sensitive data. This flaw poses a significant risk to organizations relying on Zyxel's cloud network management solutions and potentially exposes them to data breaches and exploitation.",Zyxel,Cloudcnm Secumanager,5.3,MEDIUM,0.0011500000255182385,false,,false,false,false,,,false,false,,2022-09-29T03:15:00.000Z,0
CVE-2020-15330,https://securityvulnerability.io/vulnerability/CVE-2020-15330,Hardcoded APP_KEY Vulnerability in Zyxel CloudCNM SecuManager,"The Zyxel CloudCNM SecuManager versions 3.1.0 and 3.1.1 contain a hardcoded APP_KEY in their configuration files, which poses a significant security risk. This hardcoded value can potentially allow unauthorized access to the system, leading to further exploitation of sensitive data and functionalities. Organizations using these versions should immediately assess their systems for potential compromises and consider upgrading to secure their environments. For more information, please refer to the detailed documentation and mitigation strategies provided by Zyxel.",Zyxel,Cloudcnm Secumanager,5.3,MEDIUM,0.0013299999991431832,false,,false,false,false,,,false,false,,2022-09-29T03:15:00.000Z,0
CVE-2020-15332,https://securityvulnerability.io/vulnerability/CVE-2020-15332,Weak Permissions in Zyxel CloudCNM SecuManager Impacting Device Security,"The Zyxel CloudCNM SecuManager versions 3.1.0 and 3.1.1 exhibit weak permissions on the /opt/axess/etc/default/axess configuration file. This misconfiguration can lead to unauthorized access and manipulation of sensitive system settings, potentially compromising the integrity and security of network devices managed through this software. It is crucial for users to audit their environments and ensure that proper permission settings are enforced to mitigate the risks associated with this vulnerability.",Zyxel,Cloudcnm Secumanager,9.8,CRITICAL,0.007819999940693378,false,,false,false,false,,,false,false,,2022-09-29T03:15:00.000Z,0
CVE-2020-15323,https://securityvulnerability.io/vulnerability/CVE-2020-15323,,Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the cloud1234 password for the a1@chopin account default credentials.,Zyxel,Cloudcnm Secumanager,9.8,CRITICAL,0.00419999985024333,false,,false,false,false,,,false,false,,2020-06-29T15:26:46.000Z,0
CVE-2020-15322,https://securityvulnerability.io/vulnerability/CVE-2020-15322,,Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the wbboEZ4BN3ssxAfM hardcoded password for the debian-sys-maint account.,Zyxel,Cloudcnm Secumanager,9.8,CRITICAL,0.00419999985024333,false,,false,false,false,,,false,false,,2020-06-29T15:23:44.000Z,0
CVE-2020-15321,https://securityvulnerability.io/vulnerability/CVE-2020-15321,,Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axzyxel password for the livedbuser account.,Zyxel,Cloudcnm Secumanager,9.8,CRITICAL,0.00419999985024333,false,,false,false,false,,,false,false,,2020-06-29T15:20:18.000Z,0
CVE-2020-15320,https://securityvulnerability.io/vulnerability/CVE-2020-15320,,Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axiros password for the root account.,Zyxel,Cloudcnm Secumanager,9.8,CRITICAL,0.00419999985024333,false,,false,false,false,,,false,false,,2020-06-29T15:16:45.000Z,0