Zyxel Cloudcnm Secumanager
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Zyxel Cloudcnm Secumanager.
By the Year
In 2026 there have been 0 vulnerabilities in Zyxel Cloudcnm Secumanager. Cloudcnm Secumanager did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 21 | 6.30 |
| 2021 | 0 | 0.00 |
| 2020 | 2 | 7.50 |
It may take a day or so for new Cloudcnm Secumanager vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Zyxel Cloudcnm Secumanager Security Vulnerabilities
Zyxel CloudCNM SecuManager 3.1.x: GET Sensitive Query Strings /cnr
CVE-2020-15338
5.3 - Medium
- September 29, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request Method With Sensitive Query Strings" issue for /cnr requests.
AuthZ
Zyxel CloudCNM SecuManager <=3.1.1 Hardcoded Erlang Cookie
CVE-2020-15325
5.3 - Medium
- September 29, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded Erlang cookie for ejabberd replication.
Cleartext Storage of Sensitive Information
Zyxel CloudCNM SecuManager 3.1.0-3.1.1 Hardcoded Cert in Ejabberd
CVE-2020-15326
5.3 - Medium
- September 29, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded certificate for Ejabberd in ejabberd.pem.
Use of Hard-coded Credentials
Zyxel CloudCNM SecuManager 3.1.0/3.1.1 ZODB Unauth
CVE-2020-15327
7.5 - High
- September 29, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 uses ZODB storage without authentication.
Use of Hard-coded Credentials
Zyxel CloudCNM SecuManager 3.1.0-3.1.1 Weak /opt/axess Permissions
CVE-2020-15328
5.3 - Medium
- September 29, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/var/blobstorage/ permissions.
Incorrect Permission Assignment for Critical Resource
Weak Data.fs Permissions in Zyxel CloudCNM SecuManager 3.1.0/3.1.1
CVE-2020-15329
5.3 - Medium
- September 29, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak Data.fs permissions.
Incorrect Permission Assignment for Critical Resource
Hardcoded APP_KEY in Zyxel CloudCNM SecuManager 3.1.0/3.1.1 config
CVE-2020-15330
5.3 - Medium
- September 29, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded APP_KEY in /opt/axess/etc/default/axess.
Missing Encryption of Sensitive Data
Zyxel CloudCNM SecuManager 3.1 OAUTH secret key exposed
CVE-2020-15331
9.8 - Critical
- September 29, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded OAUTH_SECRET_KEY in /opt/axess/etc/default/axess.
Missing Encryption of Sensitive Data
Zyxel CloudCNM SecuManager 3.1.x Weak /opt/axess/etc/default/axess Permissions
CVE-2020-15332
9.8 - Critical
- September 29, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/etc/default/axess permissions.
Cleartext Storage of Sensitive Information
Account Discovery via MySQL Enumeration in Zyxel CloudCNM SecuManager 3.1.x
CVE-2020-15333
5.3 - Medium
- September 29, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows attackers to discover accounts via MySQL "select * from Administrator_users" and "select * from Users_users" requests.
SQL Injection
Escape-Sequence Injection in Zyxel CloudCNM SecuManager 3.1.x (axxmpp.log)
CVE-2020-15334
5.3 - Medium
- September 29, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows escape-sequence injection into the /var/log/axxmpp.log file.
Zyxel CloudCNM SecuManager 3.1.0/3.1.1 GET Sensitive Query Strings Vulnerability
CVE-2020-15337
5.3 - Medium
- September 29, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request Method With Sensitive Query Strings" issue for /registerCpe requests.
AuthZ
Zyxel CloudCNM SecuManager 3.1.0-3.1.1 XSS in AXCampaignManager endpoint
CVE-2020-15339
6.1 - Medium
- September 29, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows live/CPEManager/AXCampaignManager/handle_campaign_script_link?script_name= XSS.
XSS
Zyxel CloudCNM SecuManager 3.1.0 Hardcoded SSH Key Exposure
CVE-2020-15340
7.5 - High
- September 29, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded opt/axess/AXAssets/default_axess/axess/TR69/Handlers/turbolink/sshkeys/id_rsa SSH key.
Missing Encryption of Sensitive Data
Unauthenticated API Vulnerability in Zyxel CloudCNM SecuManager 3.1.0/3.1.1
CVE-2020-15341
7.5 - High
- September 29, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated update_all_realm_license API.
Insufficiently Protected Credentials
Unauthenticated zy_install_user API in Zyxel CloudCNM SecuManager 3.1.0-3.1.1
CVE-2020-15342
5.3 - Medium
- September 29, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_install_user API.
Missing Encryption of Sensitive Data
Unauthenticated zy_install_user_key API in Zyxel CloudCNM SecuManager 3.1.x
CVE-2020-15343
5.3 - Medium
- September 29, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_install_user_key API.
Missing Encryption of Sensitive Data
Zyxel CloudCNM SecuManager 3.1.0-3.1.1 Unauthenticated zy_get_user_id_and_key API
CVE-2020-15344
5.3 - Medium
- September 29, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_get_user_id_and_key API.
Missing Encryption of Sensitive Data
Unauth zy_get_instances_for_update API in Zyxel SecuManager 3.1.0/1.1
CVE-2020-15345
5.3 - Medium
- September 29, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_get_instances_for_update API.
Missing Encryption of Sensitive Data
Zyxel CloudCNM SecuManager 3.1.x API Key Leak via /live/GLOBALS
CVE-2020-15346
5.3 - Medium
- September 29, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a /live/GLOBALS API with the CLOUDCNM key.
Missing Encryption of Sensitive Data
CVE-2020-15347: Zyxel CloudCNM SecuManager 3.1.1 Default axiros Password
CVE-2020-15347
9.8 - Critical
- September 29, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the q6xV4aW8bQ4cfD-b password for the axiros account.
Insufficiently Protected Credentials
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for /cnr requests.
CVE-2020-15336
7.5 - High
- June 26, 2020
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for /cnr requests.
Missing Authentication for Critical Function
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for /registerCpe requests.
CVE-2020-15335
7.5 - High
- June 26, 2020
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for /registerCpe requests.
Missing Authentication for Critical Function
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Zyxel Cloudcnm Secumanager or by Zyxel? Click the Watch button to subscribe.
