Vulnerabilities > Zyxel > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-09-29 CVE-2020-15334 Unspecified vulnerability in Zyxel Cloudcnm Secumanager 3.1.0/3.1.1
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows escape-sequence injection into the /var/log/axxmpp.log file.
network
low complexity
zyxel
5.3
5.3
2022-09-29 CVE-2020-15337 Missing Authorization vulnerability in Zyxel Cloudcnm Secumanager 3.1.0/3.1.1
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request Method With Sensitive Query Strings" issue for /registerCpe requests.
network
low complexity
zyxel CWE-862
5.3
5.3
2022-09-29 CVE-2020-15338 Missing Authorization vulnerability in Zyxel Cloudcnm Secumanager 3.1.0/3.1.1
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request Method With Sensitive Query Strings" issue for /cnr requests.
network
low complexity
zyxel CWE-862
5.3
5.3
2022-09-29 CVE-2020-15339 Cross-site Scripting vulnerability in Zyxel Cloudcnm Secumanager 3.1.0/3.1.1
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows live/CPEManager/AXCampaignManager/handle_campaign_script_link?script_name= XSS.
network
low complexity
zyxel CWE-79
6.1
6.1
2022-09-29 CVE-2020-15342 Missing Encryption of Sensitive Data vulnerability in Zyxel Cloudcnm Secumanager 3.1.0/3.1.1
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_install_user API.
network
low complexity
zyxel CWE-311
5.3
5.3
2022-09-29 CVE-2020-15343 Missing Encryption of Sensitive Data vulnerability in Zyxel Cloudcnm Secumanager 3.1.0/3.1.1
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_install_user_key API.
network
low complexity
zyxel CWE-311
5.3
5.3
2022-09-29 CVE-2020-15344 Missing Encryption of Sensitive Data vulnerability in Zyxel Cloudcnm Secumanager 3.1.0/3.1.1
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_get_user_id_and_key API.
network
low complexity
zyxel CWE-311
5.3
5.3
2022-09-29 CVE-2020-15345 Missing Encryption of Sensitive Data vulnerability in Zyxel Cloudcnm Secumanager 3.1.0/3.1.1
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_get_instances_for_update API.
network
low complexity
zyxel CWE-311
5.3
5.3
2022-09-29 CVE-2020-15346 Missing Encryption of Sensitive Data vulnerability in Zyxel Cloudcnm Secumanager 3.1.0/3.1.1
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a /live/GLOBALS API with the CLOUDCNM key.
network
low complexity
zyxel CWE-311
5.3
5.3
2022-09-20 CVE-2022-34746 Insufficient Entropy vulnerability in Zyxel products
An insufficient entropy vulnerability caused by the improper use of randomness sources with low entropy for RSA key pair generation was found in Zyxel GS1900 series firmware versions prior to V2.70.
network
high complexity
zyxel CWE-331
5.9
5.9