PT-2020-14372 · Zyxel · Zyxel Cloudcnm Secumanager

Alexandre Torres +1 · Published 2020-06-26 · Updated 2022-10-27 · CVE-2020-15338

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Zyxel CloudCNM SecuManager versions 3.1.0 through 3.1.1

Description: The issue is related to the use of the GET request method with sensitive query strings for /cnr requests. This could potentially expose sensitive information.

Recommendations: For versions 3.1.0 and 3.1.1, consider restricting access to the /cnr API endpoint until a fix is available. As a temporary workaround, avoid using sensitive query strings in GET requests to the /cnr endpoint.

Exploit

Fix

Weakness Enumeration: Missing Authorization

Related Identifiers: CVE-2020-15338

Affected Products: Zyxel Cloudcnm Secumanager