PT-2020-14371 · Zyxel · Zyxel Cloudcnm Secumanager

Alexandre Torres +1 · Published 2020-06-26 · Updated 2022-10-27 · CVE-2020-15337

CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Zyxel CloudCNM SecuManager versions 3.1.0 through 3.1.1

Description

The issue is related to the use of the GET request method with sensitive query strings for /registerCpe requests. This can potentially expose sensitive information.

Recommendations

For versions 3.1.0 and 3.1.1, consider restricting access to the /registerCpe endpoint until a fix is available. As a temporary workaround, avoid using sensitive query strings in /registerCpe requests. Restrict access to sensitive information that may be exposed through the /registerCpe endpoint.

Exploit

Fix

Missing Authorization

Weakness Enumeration

Related Identifiers

CVE-2020-15337

Affected Products

Zyxel Cloudcnm Secumanager