Zyxel: Security Vulnerabilities
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_install_user API.
CVSS Score: 5.3 | EPSS Score: 0.006 | Published: 2022-09-29
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_install_user_key API.
CVSS Score: 5.3 | EPSS Score: 0.006 | Published: 2022-09-29
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_get_user_id_and_key API.
CVSS Score: 5.3 | EPSS Score: 0.006 | Published: 2022-09-29
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_get_instances_for_update API.
CVSS Score: 5.3 | EPSS Score: 0.006 | Published: 2022-09-29
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a /live/GLOBALS API with the CLOUDCNM key.
CVSS Score: 5.3 | EPSS Score: 0.006 | Published: 2022-09-29
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the q6xV4aW8bQ4cfD-b password for the axiros account.
CVSS Score: 9.8 | EPSS Score: 0.013 | Published: 2022-09-29
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded Erlang cookie for ejabberd replication.
CVSS Score: 5.3 | EPSS Score: 0.006 | Published: 2022-09-29
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded certificate for Ejabberd in ejabberd.pem.
CVSS Score: 5.3 | EPSS Score: 0.005 | Published: 2022-09-29
An insufficient entropy vulnerability caused by the improper use of randomness sources with low entropy for RSA key pair generation was found in Zyxel GS1900 series firmware versions prior to V2.70. This vulnerability could allow an unauthenticated attacker to retrieve a private key by factoring the RSA modulus N in the certificate of the web administration interface.
CVSS Score: 5.9 | EPSS Score: 0.003 | Published: 2022-09-20
A format string vulnerability in Zyxel NAS326 firmware versions prior to V5.21(AAZF.12)C0 could allow an attacker to achieve unauthorized remote code execution via a crafted UDP packet.
CVSS Score: 9.8 | EPSS Score: 0.015 | Published: 2022-09-06

