CVE-2020-15340

Name of the Vulnerable Software and Affected Versions Zyxel CloudCNM SecuManager versions 3.1.0 through 3.1.1

Description The issue is related to the implementation of the CPE WAN Management Protocol (TR-069) in the Zyxel CloudCNM SecuManager software, which uses hardcoded credentials when handling the SSH key located at opt/axess/AXAssets/default axess/axess/TR69/Handlers/turbolink/sshkeys/id rsa. This could allow a remote attacker to gain unauthorized access to protected information.

Recommendations For versions 3.1.0 and 3.1.1, consider disabling the use of the hardcoded SSH key id rsa in the opt/axess/AXAssets/default axess/axess/TR69/Handlers/turbolink/sshkeys directory until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.