Exploit
CVE-2020-15347

Insufficiently Protected Credentials (CWE-522)

Published: Sep 29, 2022 / Updated: 26mo ago

CVSS 9.8 / EPSS 0.44% / Critical

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the q6xV4aW8bQ4cfD-b password for the axiros account.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Timeline

First Article

Feedly found the first article mentioning CVE-2020-15347.

Jun 26, 2020 at 4:46 PM / nitter.net

EPSS

EPSS Score was set to: 0.44% (Percentile: 71.6%)

Sep 15, 2023 at 10:12 PM

Affected Systems

Zyxel/cloudcnm_secumanager

Exploits

https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html

Patches

www.zyxel.com

Links to MITRE ATT&CK

T1558.003: Kerberoasting

Attack Patterns

CAPEC-102: Session Sidejacking

News

CVE-2020-15347 (cloudcnm_secumanager)
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the q6xV4aW8bQ4cfD-b password for the axiros account.
🚨 NEW: CVE-2020-15347 🚨 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the q6xV4aW8bQ4cfD-b password for the axiros account. Severity: CRITICAL https://nvd.nist.gov/vuln/detail/CVE-2020-15347
Critical - CVE-2020-15347 - Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has...
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the q6xV4aW8bQ4cfD-b password for the axiros account.
CVE-2020-15347
The following vulnerability was found: Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the q6xV4aW8bQ4cfD-b password for the axiros account.
CVE-2020-15347 | ZyXEL CloudCNM SecuManager 3.1.0/3.1.1 Axiros Account hard-coded password
A vulnerability classified as problematic was found in ZyXEL CloudCNM SecuManager 3.1.0/3.1.1. Affected by this vulnerability is an unknown functionality of the component Axiros Account. The manipulation leads to use of hard-coded password. This vulnerability is known as CVE-2020-15347. The attack needs to be initiated within the local network. There is no exploit available.

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability Impact: High
