Sensitive Query Strings Issue in Zyxel CloudCNM SecuManager
CVE-2020-15337

5.3MEDIUM

Key Information:

Vendor: Zyxel
Status: Cloudcnm Secumanager
Vendor: CVE Published:; 29 September 2022

Summary

Zyxel CloudCNM SecuManager versions 3.1.0 and 3.1.1 are susceptible to a vulnerability that arises from the improper use of the GET request method, allowing sensitive query strings to be exposed during the /registerCpe requests. This can potentially lead to unauthorized access to sensitive information, highlighting the need for secure coding practices and better data handling mechanisms in web applications.

References

https://pierrekim.github.io/blog/2020-03-09-zyxel-secuman...

x_refsource_MISC

https://www.zyxel.com/support/vulnerabilities-of-CloudCNM...

x_refsource_MISC

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 29, 2022
Vulnerability Reserved
Jun 26, 2020