Skip to main content

Cloud Cnm Secumanager

2 CVEs product

Monthly

CVE-2020-15324 CRITICAL POC Act Now

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a world-readable axess/opt/axXMPPHandler/config/xmpp_config.py file that stores hardcoded credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zyxel Authentication Bypass Cloud Cnm Secumanager
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-15348 CRITICAL POC Act Now

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows use of live/CPEManager/AXCampaignManager/delete_cpes_by_ids?cpe_ids= for eval injection of Python code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zyxel RCE Code Injection Python Cloud Cnm Secumanager
NVD
CVSS 3.1
9.8
EPSS
1.8%
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a world-readable axess/opt/axXMPPHandler/config/xmpp_config.py file that stores hardcoded credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zyxel Authentication Bypass Cloud Cnm Secumanager
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows use of live/CPEManager/AXCampaignManager/delete_cpes_by_ids?cpe_ids= for eval injection of Python code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zyxel RCE Code Injection +2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy