CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2020-15340
https://notcve.org/view.php?id=CVE-2020-15340
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded opt/axess/AXAssets/default_axess/axess/TR69/Handlers/turbolink/sshkeys/id_rsa SSH key. Zyxel CloudCNM SecuManager versiones 3.1.0 y 3.1.1, presenta una clave SSH embebida en opt/axess/AXAssets/default_axess/axess/TR69/Handlers/turbolink/sshkeys/id_rsa • https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml • CWE-311: Missing Encryption of Sensitive Data •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2020-15341
https://notcve.org/view.php?id=CVE-2020-15341
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated update_all_realm_license API. Zyxel CloudCNM SecuManager versiones 3.1.0 y 3.1.1, presenta una API update_all_realm_license no autenticada • https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml • CWE-522: Insufficiently Protected Credentials •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 2CVE-2020-15342
https://notcve.org/view.php?id=CVE-2020-15342
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_install_user API. Zyxel CloudCNM SecuManager versiones 3.1.0 y 3.1.1, presenta una API zy_install_user no autenticada • https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml • CWE-311: Missing Encryption of Sensitive Data •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 1CVE-2020-15343
https://notcve.org/view.php?id=CVE-2020-15343
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_install_user_key API. Zyxel CloudCNM SecuManager versiones 3.1.0 y 3.1.1, presenta una API zy_install_user_key no autenticada • https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml • CWE-311: Missing Encryption of Sensitive Data •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 1CVE-2020-15344
https://notcve.org/view.php?id=CVE-2020-15344
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_get_user_id_and_key API. Zyxel CloudCNM SecuManager versiones 3.1.0 y 3.1.1, presenta una API zy_get_user_id_and_key no autenticada • https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml • CWE-311: Missing Encryption of Sensitive Data •