GET Request Method Vulnerability in Zyxel CloudCNM SecuManager
CVE-2020-15338

5.3MEDIUM

Key Information:

Vendor: Zyxel
Status: Cloudcnm Secumanager
Vendor: CVE Published:; 29 September 2022

Summary

The Zyxel CloudCNM SecuManager versions 3.1.0 and 3.1.1 are prone to a vulnerability that exposes sensitive query string data through the use of GET requests in /cnr requests. This flaw can potentially allow unauthorized access to sensitive information, highlighting the importance of proper request handling in web applications.

References

https://pierrekim.github.io/blog/2020-03-09-zyxel-secuman...

x_refsource_MISC

https://www.zyxel.com/support/vulnerabilities-of-CloudCNM...

x_refsource_MISC

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 29, 2022
Vulnerability Reserved
Jun 26, 2020