Zyxel Cloudcnm_secumanager

35 CVEs affecting Zyxel Cloudcnm_secumanager. Latest disclosed: 2022-09-29. Critical: 7, High: 5.

Top CVEs affecting Zyxel Cloudcnm_secumanager
CVESeverityScorePublishedSummary
CVE-2020-15347Critical9.82022-09-29Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the q6xV4aW8bQ4cfD-b password for the axiros account.
CVE-2020-15332Critical9.82022-09-29Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/etc/default/axess permissions.
CVE-2020-15331Critical9.82022-09-29Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded OAUTH_SECRET_KEY in /opt/axess/etc/default/axess.
CVE-2020-15323Critical9.82020-06-29Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the cloud1234 password for the a1@chopin account default credentials.
CVE-2020-15322Critical9.82020-06-29Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the wbboEZ4BN3ssxAfM hardcoded password for the debian-sys-maint account.
CVE-2020-15321Critical9.82020-06-29Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axzyxel password for the livedbuser account.
CVE-2020-15320Critical9.82020-06-29Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axiros password for the root account.
CVE-2020-15341High7.52022-09-29Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated update_all_realm_license API.
CVE-2020-15340High7.52022-09-29Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded opt/axess/AXAssets/default_axess/axess/TR69/Handlers/turbolink/sshkeys/id_rsa SSH key.
CVE-2020-15327High7.52022-09-29Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 uses ZODB storage without authentication.
CVE-2020-15336High7.52020-06-26Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for /cnr requests.
CVE-2020-15335High7.52020-06-26Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for /registerCpe requests.
CVE-2020-15339Medium6.12022-09-29Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows live/CPEManager/AXCampaignManager/handle_campaign_script_link?script_name= XSS.
CVE-2020-15319Medium5.92020-06-29Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account within the /opt/mysql chroot directory tree.
CVE-2020-15318Medium5.92020-06-29Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key for the root account within the /opt/mysql chroot directory tree.
CVE-2020-15317Medium5.92020-06-29Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account within the /opt/axess chroot directory tree.
CVE-2020-15316Medium5.92020-06-29Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded ECDSA SSH key for the root account within the /opt/axess chroot directory tree.
CVE-2020-15315Medium5.92020-06-29Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key for the root account within the /opt/axess chroot directory tree.
CVE-2020-15314Medium5.92020-06-29Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account.
CVE-2020-15313Medium5.92020-06-29Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded ECDSA SSH key for the root account.