CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 1CVE-2020-15345
https://notcve.org/view.php?id=CVE-2020-15345
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_get_instances_for_update API. Zyxel CloudCNM SecuManager versiones 3.1.0 y 3.1.1, presenta una API zy_get_instances_for_update no autenticada • https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml • CWE-311: Missing Encryption of Sensitive Data •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 1CVE-2020-15346
https://notcve.org/view.php?id=CVE-2020-15346
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a /live/GLOBALS API with the CLOUDCNM key. Zyxel CloudCNM SecuManager versiones 3.1.0 y 3.1.1, presenta una API /live/GLOBALS con la clave CLOUDCNM • https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml • CWE-311: Missing Encryption of Sensitive Data •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2020-15347
https://notcve.org/view.php?id=CVE-2020-15347
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the q6xV4aW8bQ4cfD-b password for the axiros account. Zyxel CloudCNM SecuManager versiones 3.1.0 y 3.1.1, presenta una contraseña q6xV4aW8bQ4cfD-b para la cuenta axiros • https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml • CWE-522: Insufficiently Protected Credentials •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 1CVE-2020-15325
https://notcve.org/view.php?id=CVE-2020-15325
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded Erlang cookie for ejabberd replication. Zyxel CloudCNM SecuManager versiones 3.1.0 y 3.1.1, presenta una cookie Erlang embebida para la replicación de ejabberd • https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 1CVE-2020-15326
https://notcve.org/view.php?id=CVE-2020-15326
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded certificate for Ejabberd in ejabberd.pem. Zyxel CloudCNM SecuManager versiones 3.1.0 y 3.1.1, presenta un certificado embebido para Ejabberd en el archivo ejabberd.pem • https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml • CWE-798: Use of Hard-coded Credentials •