PT-2020-14370 · Zyxel · Zyxel Cloudcnm Secumanager

Alexandre Torres +2 · Published 2020-06-26 · Updated 2022-07-17 · CVE-2020-15336

CVSS v3.1: 7.5 High
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions

Zyxel CloudCNM SecuManager versions 3.1.0 through 3.1.1

Description

The issue concerns a lack of authentication for "/cnr" requests: the "/cnr" API endpoint does not require authentication, potentially allowing unauthorized access.

Recommendations

For versions 3.1.0 and 3.1.1, consider restricting access to the "/cnr" API endpoint until a fix is available. As a temporary workaround, avoid using "/cnr" requests in the affected Zyxel CloudCNM SecuManager versions until the issue is resolved.

Fix

Missing Authentication


Weakness Enumeration

Related Identifiers

CVE-2020-15336

Affected Products

Zyxel Cloudcnm Secumanager