Shodan
Vulnerabilities
Vulnerable Software
Zyxel:  >> Cloudcnm Secumanager  >> 3.1.0  Security Vulnerabilities
CVE-2020-15327
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 uses ZODB storage without authentication.
CVSS Score
7.5
EPSS Score
0.005
Published
2022-09-29
CVE-2020-15328
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/var/blobstorage/ permissions.
CVSS Score
5.3
EPSS Score
0.005
Published
2022-09-29
CVE-2020-15329
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak Data.fs permissions.
CVSS Score
5.3
EPSS Score
0.005
Published
2022-09-29
CVE-2020-15330
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded APP_KEY in /opt/axess/etc/default/axess.
CVSS Score
5.3
EPSS Score
0.003
Published
2022-09-29
CVE-2020-15331
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded OAUTH_SECRET_KEY in /opt/axess/etc/default/axess.
CVSS Score
9.8
EPSS Score
0.006
Published
2022-09-29
CVE-2020-15332
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/etc/default/axess permissions.
CVSS Score
9.8
EPSS Score
0.004
Published
2022-09-29
CVE-2020-15333
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows attackers to discover accounts via MySQL "select * from Administrator_users" and "select * from Users_users" requests.
CVSS Score
5.3
EPSS Score
0.009
Published
2022-09-29
CVE-2020-15334
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows escape-sequence injection into the /var/log/axxmpp.log file.
CVSS Score
5.3
EPSS Score
0.006
Published
2022-09-29
CVE-2020-15337
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request Method With Sensitive Query Strings" issue for /registerCpe requests.
CVSS Score
5.3
EPSS Score
0.005
Published
2022-09-29
CVE-2020-15338
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request Method With Sensitive Query Strings" issue for /cnr requests.
CVSS Score
5.3
EPSS Score
0.005
Published
2022-09-29


Products
Pricing
Contact Us

Shodan ® - All rights reserved