CVE-2020-15334

Name of the Vulnerable Software and Affected Versions Zyxel CloudCNM SecuManager versions 3.1.0 through 3.1.1

Description The issue allows escape-sequence injection into the /var/log/axxmpp.log file. This is related to the API endpoint /var/log/axxmpp.log, but specific vulnerable parameters or variables are not mentioned.

Recommendations For versions 3.1.0 and 3.1.1, consider restricting access to the log file to minimize the risk of exploitation. As a temporary workaround, avoid using the logging functionality related to the /var/log/axxmpp.log file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.