PT-2020-14380 · Zyxel · Zyxel CloudCNM SecuManager

Alexandre Torres +1

Published 2020-06-26 · Updated 2021-07-21 · CVE-2020-15348

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Zyxel CloudCNM SecuManager versions 3.1.0 through 3.1.1

Description: The issue allows injection of Python code through the "live/CPEManager/AXCampaignManager/delete_cpes_by_ids" API endpoint by manipulating the cpe_ids variable. This could lead to unauthorized code execution.

Recommendations: For versions 3.1.0 and 3.1.1, restrict access to the "live/CPEManager/AXCampaignManager/delete_cpes_by_ids" API endpoint to minimize the risk of exploitation. Avoid using the cpe_ids variable in the affected API endpoint until the issue is resolved.
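As an added illustration of the recommendations (example code, not Zyxel's and not the product's actual handler), a strict allow-list parser for the cpe_ids value and a proxy-side gate for the affected endpoint that can also be run over access-log URLs for detection. The request shape (a cpe_ids query parameter carrying a comma-separated list of integer ids) is an assumption.

```python
"""Added example: allow-list validation of cpe_ids and a gate for the
delete_cpes_by_ids endpoint. The request shape is assumed, not documented."""
import re
from urllib.parse import urlsplit, parse_qs

# Path of the affected endpoint, taken from the advisory text.
AFFECTED_PATH = "/live/CPEManager/AXCampaignManager/delete_cpes_by_ids"

# Allow-list: comma-separated positive integers only, bounded in count and length.
_ID_LIST = re.compile(r"^[1-9][0-9]{0,9}(,[1-9][0-9]{0,9}){0,199}$")


def parse_cpe_ids(raw: str) -> list[int]:
    """Return the CPE ids as integers or raise ValueError.

    The value is never evaluated: a Python code injection sink exists only
    where the parameter reaches eval()/exec(); reducing it to integers
    before any other code sees it removes that possibility.
    """
    if not isinstance(raw, str) or not _ID_LIST.fullmatch(raw):
        raise ValueError("cpe_ids must be a comma-separated list of positive integers")
    return [int(x) for x in raw.split(",")]


def gate_request(url: str) -> str:
    """Decide 'allow', 'deny' or 'pass' for a request URL seen at a reverse proxy.

    Only the affected endpoint is inspected; every other path passes through.
    A missing, empty or duplicated cpe_ids parameter is denied as well, so the
    same function can flag suspicious URLs when replayed over access logs.
    """
    parts = urlsplit(url)
    if parts.path != AFFECTED_PATH:
        return "pass"
    values = parse_qs(parts.query).get("cpe_ids", [])
    if len(values) != 1:
        return "deny"
    try:
        parse_cpe_ids(values[0])
    except ValueError:
        return "deny"
    return "allow"
```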

Weakness Enumeration: Code Injection

Related Identifiers: CVE-2020-15348

Affected Products: Zyxel CloudCNM SecuManager