Zyxel Cloudcnm_secumanager
35 CVEs affecting Zyxel Cloudcnm_secumanager. Latest disclosed: 2022-09-29. Critical: 7, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2020-15347 | Critical | 9.8 | 2022-09-29 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the q6xV4aW8bQ4cfD-b password for the axiros account. |
CVE-2020-15332 | Critical | 9.8 | 2022-09-29 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/etc/default/axess permissions. |
CVE-2020-15331 | Critical | 9.8 | 2022-09-29 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded OAUTH_SECRET_KEY in /opt/axess/etc/default/axess. |
CVE-2020-15323 | Critical | 9.8 | 2020-06-29 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the cloud1234 password for the a1@chopin account default credentials. |
CVE-2020-15322 | Critical | 9.8 | 2020-06-29 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the wbboEZ4BN3ssxAfM hardcoded password for the debian-sys-maint account. |
CVE-2020-15321 | Critical | 9.8 | 2020-06-29 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axzyxel password for the livedbuser account. |
CVE-2020-15320 | Critical | 9.8 | 2020-06-29 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axiros password for the root account. |
CVE-2020-15341 | High | 7.5 | 2022-09-29 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated update_all_realm_license API. |
CVE-2020-15340 | High | 7.5 | 2022-09-29 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded opt/axess/AXAssets/default_axess/axess/TR69/Handlers/turbolink/sshkeys/id_rsa SSH key. |
CVE-2020-15327 | High | 7.5 | 2022-09-29 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 uses ZODB storage without authentication. |
CVE-2020-15336 | High | 7.5 | 2020-06-26 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for /cnr requests. |
CVE-2020-15335 | High | 7.5 | 2020-06-26 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for /registerCpe requests. |
CVE-2020-15339 | Medium | 6.1 | 2022-09-29 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows live/CPEManager/AXCampaignManager/handle_campaign_script_link?script_name= XSS. |
CVE-2020-15319 | Medium | 5.9 | 2020-06-29 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account within the /opt/mysql chroot directory tree. |
CVE-2020-15318 | Medium | 5.9 | 2020-06-29 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key for the root account within the /opt/mysql chroot directory tree. |
CVE-2020-15317 | Medium | 5.9 | 2020-06-29 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account within the /opt/axess chroot directory tree. |
CVE-2020-15316 | Medium | 5.9 | 2020-06-29 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded ECDSA SSH key for the root account within the /opt/axess chroot directory tree. |
CVE-2020-15315 | Medium | 5.9 | 2020-06-29 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key for the root account within the /opt/axess chroot directory tree. |
CVE-2020-15314 | Medium | 5.9 | 2020-06-29 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account. |
CVE-2020-15313 | Medium | 5.9 | 2020-06-29 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded ECDSA SSH key for the root account. |