CVE-2020-15335

Name of the Vulnerable Software and Affected Versions Zyxel CloudCNM SecuManager versions 3.1.0 through 3.1.1

Description The issue concerns a lack of authentication for "/registerCpe" requests. This means that the "/registerCpe" endpoint can be accessed without proper authentication, potentially allowing unauthorized access.

Recommendations For versions 3.1.0 and 3.1.1, as a temporary workaround, consider restricting access to the "/registerCpe" endpoint until a patch is available. Avoid using this endpoint in production environments until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.