Shodan
Vulnerabilities
Vulnerable Software
Zyxel:  Security Vulnerabilities
CVE-2020-15322
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the wbboEZ4BN3ssxAfM hardcoded password for the debian-sys-maint account.
CVSS Score
9.8
EPSS Score
0.005
Published
2020-06-29
CVE-2020-15323
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the cloud1234 password for the a1@chopin account default credentials.
CVSS Score
9.8
EPSS Score
0.005
Published
2020-06-29
CVE-2020-15324
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a world-readable axess/opt/axXMPPHandler/config/xmpp_config.py file that stores hardcoded credentials.
CVSS Score
9.8
EPSS Score
0.005
Published
2020-06-29
CVE-2020-15312
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key for the root account.
CVSS Score
5.9
EPSS Score
0.003
Published
2020-06-29
CVE-2020-15313
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded ECDSA SSH key for the root account.
CVSS Score
5.9
EPSS Score
0.003
Published
2020-06-29
CVE-2020-15314
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account.
CVSS Score
5.9
EPSS Score
0.003
Published
2020-06-29
CVE-2020-15335
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for /registerCpe requests.
CVSS Score
7.5
EPSS Score
0.002
Published
2020-06-26
CVE-2020-15336
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for /cnr requests.
CVSS Score
7.5
EPSS Score
0.002
Published
2020-06-26
CVE-2020-15348
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows use of live/CPEManager/AXCampaignManager/delete_cpes_by_ids?cpe_ids= for eval injection of Python code.
CVSS Score
9.8
EPSS Score
0.012
Published
2020-06-26
CVE-2020-14461
Zyxel Armor X1 WAP6806 1.00(ABAL.6)C0 devices allow Directory Traversal via the images/eaZy/ URI.
CVSS Score
8.6
EPSS Score
0.136
Published
2020-06-22


Products
Pricing
Contact Us

Shodan ® - All rights reserved