Vulnerabilities > CVE-2020-15337 - Missing Authorization vulnerability in Zyxel Cloudcnm Secumanager 3.1.0/3.1.1
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
LOW Availability impact
NONE Summary
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request Method With Sensitive Query Strings" issue for /registerCpe requests.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |
Common Weakness Enumeration (CWE)
References
- https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html
- https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html
- https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml
- https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml