PT-2020-14361 · Zyxel · Zyxel Cloudcnm Secumanager

Alexandre Torres +2
Published: 2020-06-29 · Updated: 2020-07-06
CVE-2020-15324
CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Zyxel CloudCNM SecuManager versions 3.1.0 through 3.1.1

Description
The issue concerns a world-readable file that stores hardcoded credentials. The file in question is xmpp config.py, located at axess/opt/axXMPPHandler/config/. Because the file is readable by every account on the system, any local user (or any process running as one) can obtain the credentials it contains.

Recommendations
For versions 3.1.0 and 3.1.1, restrict access to the xmpp config.py file so that the hardcoded credentials cannot be read by unauthorized users. As a temporary workaround, changing the file permissions to limit access can mitigate the risk until a permanent fix is available.
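The permission check and workaround described above, as an added example that is not part of the advisory or of Zyxel's software: it audits a config directory for world-readable files and strips group/other access from them. The directory layout and the file name xmpp_config.py are constructed stand-ins for the advisory's axess/opt/axXMPPHandler/config/ path and its "xmpp config.py" file.

```shell
#!/bin/sh
# Added example (not Zyxel's code). Finds world-readable files under a
# config directory and removes group/other access, the interim mitigation
# recommended for CloudCNM SecuManager 3.1.0 / 3.1.1.

# Exit 0 when the given file grants read permission to "other".
# find -prune -perm -o=r is POSIX and checks the mode bits directly,
# so the result is the same whether or not the caller is root.
is_world_readable() {
    [ -n "$(find "$1" -prune -type f -perm -o=r 2>/dev/null)" ]
}

# Print every world-readable regular file below a directory, one per line.
find_world_readable() {
    find "$1" -type f -perm -o=r
}

# Strip group and other bits from each world-readable file found,
# leaving the owner's permissions untouched (0644 becomes 0600).
harden_dir() {
    find "$1" -type f -perm -o=r -exec chmod go-rwx {} +
}

# Demonstration on a constructed temporary tree that mimics the
# advisory's layout. Returns 0 when the hardening removed the exposure.
demo() {
    tmp=$(mktemp -d)
    dir="$tmp/axess/opt/axXMPPHandler/config"
    mkdir -p "$dir"
    cfg="$dir/xmpp_config.py"          # constructed placeholder file
    printf 'XMPP_PASSWORD = "placeholder"\n' > "$cfg"
    chmod 644 "$cfg"                   # the weak, world-readable state
    before=$(find_world_readable "$tmp" | wc -l)
    was_exposed=0
    is_world_readable "$cfg" && was_exposed=1
    harden_dir "$tmp"
    after=$(find_world_readable "$tmp" | wc -l)
    still_exposed=0
    is_world_readable "$cfg" && still_exposed=1
    echo "world-readable files: before=$before after=$after"
    rm -rf "$tmp"
    [ "$was_exposed" -eq 1 ] && [ "$still_exposed" -eq 0 ] && [ "$after" -eq 0 ]
}
```

Running `demo` on a real appliance would be replaced by `harden_dir /axess/opt/axXMPPHandler/config`, after confirming the service user still owns the file.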

Using Hardcoded Credentials

Weakness Enumeration: see above

Related Identifiers: CVE-2020-15324

Affected Products: Zyxel Cloudcnm Secumanager