CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 1CVE-2020-15313
https://notcve.org/view.php?id=CVE-2020-15313
29 Jun 2020 — Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded ECDSA SSH key for the root account. Zyxel CloudCNM SecuManager versiones 3.1.0 y 3.1.1, presenta una clave SSH ECDSA embebida para la cuenta root • https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html • CWE-798: Use of Hard-coded Credentials •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 1CVE-2020-15312
https://notcve.org/view.php?id=CVE-2020-15312
29 Jun 2020 — Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key for the root account. Zyxel CloudCNM SecuManager versiones 3.1.0 y 3.1.1, presenta una clave SSH DSA embebida para la cuenta root • https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html • CWE-798: Use of Hard-coded Credentials •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2020-15332
https://notcve.org/view.php?id=CVE-2020-15332
26 Jun 2020 — Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/etc/default/axess permissions. Zyxel CloudCNM SecuManager versiones 3.1.0 y 3.1.1, presenta permisos débiles en /opt/axess/etc/default/axess • https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 1CVE-2020-15333
https://notcve.org/view.php?id=CVE-2020-15333
26 Jun 2020 — Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows attackers to discover accounts via MySQL "select * from Administrator_users" and "select * from Users_users" requests. Zyxel CloudCNM SecuManager versiones 3.1.0 y 3.1.1, permite a atacantes detectar cuentas por medio de peticiones MySQL "select * from Administrator_users" y "select * from Users_users" • https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 1CVE-2020-15334
https://notcve.org/view.php?id=CVE-2020-15334
26 Jun 2020 — Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows escape-sequence injection into the /var/log/axxmpp.log file. Zyxel CloudCNM SecuManager versiones 3.1.0 y 3.1.1, permite una inyección de secuencias de escape en el archivo /var/log/axxmpp.log • https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-15335
https://notcve.org/view.php?id=CVE-2020-15335
26 Jun 2020 — Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for /registerCpe requests. Zyxel CloudCNM SecuManager versiones 3.1.0 y 3.1.1, no posee autenticación para las peticiones /registerCpe • https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html#xmpp-no-auth-cleartext • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-15336
https://notcve.org/view.php?id=CVE-2020-15336
26 Jun 2020 — Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for /cnr requests. Zyxel CloudCNM SecuManager versiones 3.1.0 y 3.1.1, no posee autenticación para peticiones /cnr • https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html#xmpp-no-auth-cleartext • CWE-306: Missing Authentication for Critical Function •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 1CVE-2020-15337
https://notcve.org/view.php?id=CVE-2020-15337
26 Jun 2020 — Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request Method With Sensitive Query Strings" issue for /registerCpe requests. Zyxel CloudCNM SecuManager versiones 3.1.0 y 3.1.1, presenta un problema de "Uso del Método de Solicitud GET con Cadenas de Consulta Confidenciales" para las peticiones /registerCpe • https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html • CWE-862: Missing Authorization •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 1CVE-2020-15338
https://notcve.org/view.php?id=CVE-2020-15338
26 Jun 2020 — Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request Method With Sensitive Query Strings" issue for /cnr requests. Zyxel CloudCNM SecuManager versiones 3.1.0 y 3.1.1, presenta un problema de "Uso del Método de Solicitud GET con Cadenas de Consulta Confidenciales" para las peticiones /cnr • https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html • CWE-862: Missing Authorization •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 1CVE-2020-15339
https://notcve.org/view.php?id=CVE-2020-15339
26 Jun 2020 — Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows live/CPEManager/AXCampaignManager/handle_campaign_script_link?script_name= XSS. Zyxel CloudCNM SecuManager versiones 3.1.0 y 3.1.1, permite live/CPEManager/AXCampaignManager/handle_campaign_script_link?script_name= XSS • https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •