Monthly Archive: June 2020

26/06/2020

CVE-2020-15344

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_get_user_id_and_key API. Date published : 2020-06-26 https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml

26/06/2020

CVE-2020-15343

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_install_user_key API. Date published : 2020-06-26 https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml

26/06/2020

CVE-2020-15342

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_install_user API. Date published : 2020-06-26 https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml

26/06/2020

CVE-2020-15341

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated update_all_realm_license API. Date published : 2020-06-26 https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml

26/06/2020

CVE-2020-15340

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded opt/axess/AXAssets/default_axess/axess/TR69/Handlers/turbolink/sshkeys/id_rsa SSH key. Date published : 2020-06-26 https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml

26/06/2020

CVE-2020-15339

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows live/CPEManager/AXCampaignManager/handle_campaign_script_link?script_name= XSS. Date published : 2020-06-26 https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml

26/06/2020

CVE-2020-15338

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request Method With Sensitive Query Strings" issue for /cnr requests. Date published : 2020-06-26 https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml

26/06/2020

CVE-2020-15337

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request Method With Sensitive Query Strings" issue for /registerCpe requests. Date published : 2020-06-26 https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml

26/06/2020

CVE-2020-15336

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for /cnr requests. Date published : 2020-06-26 https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html#xmpp-no-auth-cleartext https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml

26/06/2020

CVE-2020-15335

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for /registerCpe requests. Date published : 2020-06-26 https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html#xmpp-no-auth-cleartext https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml

26/06/2020

CVE-2020-15334

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows escape-sequence injection into the /var/log/axxmpp.log file. Date published : 2020-06-26 https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml

26/06/2020

CVE-2020-15333

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows attackers to discover accounts via MySQL "select * from Administrator_users" and "select * from Users_users" requests. Date published : 2020-06-26 https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml

26/06/2020

CVE-2020-15332

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/etc/default/axess permissions. Date published : 2020-06-26 https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml

26/06/2020

CVE-2020-15331

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded OAUTH_SECRET_KEY in /opt/axess/etc/default/axess. Date published : 2020-06-26 https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml

Monthly Archive: June 2020

CVE-2020-15344

CVE-2020-15343

CVE-2020-15342

CVE-2020-15341

CVE-2020-15340

CVE-2020-15339

CVE-2020-15338

CVE-2020-15337

CVE-2020-15336

CVE-2020-15335

CVE-2020-15334

CVE-2020-15333

CVE-2020-15332

CVE-2020-15331

Recent Posts

Categories

Monthly Archive: June 2020

Recent Posts

Categories

Tags