CVE-2020-15335
https://notcve.org/view.php?id=CVE-2020-15335
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for /registerCpe requests. Zyxel CloudCNM SecuManager versiones 3.1.0 y 3.1.1, no posee autenticación para las peticiones /registerCpe • https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html#xmpp-no-auth-cleartext https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml • CWE-306: Missing Authentication for Critical Function •
CVE-2020-15336
https://notcve.org/view.php?id=CVE-2020-15336
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for /cnr requests. Zyxel CloudCNM SecuManager versiones 3.1.0 y 3.1.1, no posee autenticación para peticiones /cnr • https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html#xmpp-no-auth-cleartext https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml • CWE-306: Missing Authentication for Critical Function •
CVE-2020-15337
https://notcve.org/view.php?id=CVE-2020-15337
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request Method With Sensitive Query Strings" issue for /registerCpe requests. Zyxel CloudCNM SecuManager versiones 3.1.0 y 3.1.1, presenta un problema de "Uso del Método de Solicitud GET con Cadenas de Consulta Confidenciales" para las peticiones /registerCpe • https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml • CWE-862: Missing Authorization •
CVE-2020-15338
https://notcve.org/view.php?id=CVE-2020-15338
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request Method With Sensitive Query Strings" issue for /cnr requests. Zyxel CloudCNM SecuManager versiones 3.1.0 y 3.1.1, presenta un problema de "Uso del Método de Solicitud GET con Cadenas de Consulta Confidenciales" para las peticiones /cnr • https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml • CWE-862: Missing Authorization •
CVE-2020-15339
https://notcve.org/view.php?id=CVE-2020-15339
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows live/CPEManager/AXCampaignManager/handle_campaign_script_link?script_name= XSS. Zyxel CloudCNM SecuManager versiones 3.1.0 y 3.1.1, permite live/CPEManager/AXCampaignManager/handle_campaign_script_link?script_name= XSS • https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •