The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2008-1528 | ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40(AGD.2) through 3.40(AHQ.3), allow remote authenticated users to obtain authentication data by making direct HTTP requests and then reading the HTML source, as demonstrated by a request for (1) RemMagSNMP.html, which discloses SNMP communities; or (2) WLAN.html, which discloses WEP keys. | Medium | Mar 26, 2008 |
| CVE-2008-1522 | ZyXEL Prestige routers, including P-660 and P-661 models with firmware 3.40(AGD.2) through 3.40(AHQ.3), have (1) "user" as their default password for the "user" account and (2) "1234" as their default password for the "admin" account, which makes it easier for remote attackers to obtain access. | High | Mar 26, 2008 |
| CVE-2008-1521 | ZyXEL Prestige routers, including P-660 and P-661 models with firmware 3.40(AGD.2) through 3.40(AHQ.3), allow remote authenticated users to gain privileges by accessing administrative URIs, as demonstrated by rpSysAdmin.html. | Medium | Mar 26, 2008 |
| CVE-2008-1529 | ZyXEL Prestige routers have a minimum password length for the admin account that is too small, which makes it easier for remote attackers to guess passwords via brute force methods. | Medium | Mar 26, 2008 |
| CVE-2015-6020 | ZyXEL PMG5318-B20A devices with firmware 1.00AANC0b5 allow remote authenticated users to obtain administrative privileges by leveraging access to the user account. | High | Dec 31, 2015 |
| CVE-2016-10401 | ZyXEL PK5001Z devices have zyad5001 as the su password, which makes it easier for remote attackers to obtain root access if a non-root account password is known (or a non-root default account exists within an ISP's deployment of these devices). | HIGH | Jul 25, 2017 |
| CVE-2015-6016 | ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40(AXH.0), PMG5318-B20A devices with firmware 1.00AANC0b5, and NBG-418N devices have a default password of 1234 for the admin account, which allows remote attackers to obtain administrative access via unspecified vectors. | High | Dec 31, 2015 |
| CVE-2018-5330 | ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of service (router unreachable/unresponsive) via a flood of fragmented UDP packets. | HIGH | Jan 16, 2018 |
| CVE-2017-17901 | ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of service (CPU consumption) via a flood of IP packets with a TTL of 1. | HIGH | Dec 29, 2017 |
| CVE-2019-15815 | ZyXEL P-1302-T10D v3 devices with firmware version 2.00(ABBX.3) and earlier do not properly enforce access control and could allow an unauthorized user to access certain pages that require admin privileges. | MEDIUM | Nov 12, 2019 |
| CVE-2015-7256 | ZyXEL NWA1100-N, NWA1100-NH, NWA1121-NI, NWA1123-AC, and NWA1123-NI access points; P-660HN-51, P-663HN-51, VMG1312-B10A, VMG1312-B30A, VMG1312-B30B, VMG4380-B10A, VMG8324-B10A, VMG8924-B10A, VMG8924-B30A, and VSG1435-B101 DSL CPEs; PMG5318-B20A GPONs; SBG3300-N000, SBG3300-NB00, and SBG3500-N000 small business gateways; GS1900-8 and GS1900-24 switches; and C1000Z, Q1000, FR1000Z, and P8702N project models use non-unique X.509 certificates and SSH host keys. | MEDIUM | Sep 28, 2017 |
| CVE-2017-15226 | Zyxel NBG6716 V1.00(AAKG.9)C0 devices allow command injection in the ozkerz component because beginIndex and endIndex are used directly in a popen call. | HIGH | Oct 10, 2017 |
| CVE-2019-6710 | Zyxel NBG-418N v2 v1.00(AAXM.4)C0 devices allow login.cgi CSRF. | MEDIUM | Mar 22, 2019 |
| CVE-2020-15327 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 uses ZODB storage without authentication. | -- | Sep 29, 2022 |
| CVE-2020-15329 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak Data.fs permissions. | -- | Sep 29, 2022 |
| CVE-2020-15328 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/var/blobstorage/ permissions. | -- | Sep 29, 2022 |
| CVE-2020-15332 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/etc/default/axess permissions. | -- | Sep 29, 2022 |
| CVE-2020-15322 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the wbboEZ4BN3ssxAfM hardcoded password for the debian-sys-maint account. | HIGH | Jul 6, 2020 |
| CVE-2020-15347 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the q6xV4aW8bQ4cfD-b password for the axiros account. | -- | Sep 29, 2022 |
| CVE-2020-15323 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the cloud1234 password for the a1@chopin account default credentials. | HIGH | Jul 6, 2020 |
| CVE-2020-15321 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axzyxel password for the livedbuser account. | HIGH | Jul 6, 2020 |
| CVE-2020-15320 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axiros password for the root account. | HIGH | Jul 2, 2020 |
| CVE-2020-15335 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for /registerCpe requests. | MEDIUM | Jun 26, 2020 |
| CVE-2020-15336 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for /cnr requests. | MEDIUM | Jun 26, 2020 |
| CVE-2020-15343 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_install_user_key API. | -- | Sep 29, 2022 |
| CVE-2020-15342 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_install_user API. | -- | Sep 29, 2022 |
| CVE-2020-15344 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_get_user_id_and_key API. | -- | Sep 29, 2022 |
| CVE-2020-15345 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_get_instances_for_update API. | -- | Sep 29, 2022 |
| CVE-2020-15341 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated update_all_realm_license API. | -- | Sep 29, 2022 |
| CVE-2020-15324 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a world-readable axess/opt/axXMPPHandler/config/xmpp_config.py file that stores hardcoded credentials. | HIGH | Jul 6, 2020 |
| CVE-2020-15337 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a Use of GET Request Method With Sensitive Query Strings issue for /registerCpe requests. | -- | Sep 29, 2022 |
| CVE-2020-15338 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a Use of GET Request Method With Sensitive Query Strings issue for /cnr requests. | -- | Sep 29, 2022 |
| CVE-2020-15314 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account. | MEDIUM | Jul 2, 2020 |
| CVE-2020-15319 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account within the /opt/mysql chroot directory tree. | MEDIUM | Jul 2, 2020 |
| CVE-2020-15317 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account within the /opt/axess chroot directory tree. | MEDIUM | Jul 6, 2020 |
| CVE-2020-15340 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded opt/axess/AXAssets/default_axess/axess/TR69/Handlers/turbolink/sshkeys/id_rsa SSH key. | -- | Sep 29, 2022 |
| CVE-2020-15331 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded OAUTH_SECRET_KEY in /opt/axess/etc/default/axess. | -- | Sep 29, 2022 |
| CVE-2020-15325 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded Erlang cookie for ejabberd replication. | -- | Sep 29, 2022 |
| CVE-2020-15313 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded ECDSA SSH key for the root account. | MEDIUM | Jul 2, 2020 |
| CVE-2020-15316 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded ECDSA SSH key for the root account within the /opt/axess chroot directory tree. | MEDIUM | Jul 6, 2020 |
| CVE-2020-15312 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key for the root account. | MEDIUM | Jul 2, 2020 |
| CVE-2020-15318 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key for the root account within the /opt/mysql chroot directory tree. | MEDIUM | Jul 6, 2020 |
| CVE-2020-15315 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key for the root account within the /opt/axess chroot directory tree. | MEDIUM | Jul 6, 2020 |
| CVE-2020-15326 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded certificate for Ejabberd in ejabberd.pem. | -- | Sep 29, 2022 |
| CVE-2020-15330 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded APP_KEY in /opt/axess/etc/default/axess. | -- | Sep 29, 2022 |
| CVE-2020-15346 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a /live/GLOBALS API with the CLOUDCNM key. | -- | Sep 29, 2022 |
| CVE-2020-15348 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows use of live/CPEManager/AXCampaignManager/delete_cpes_by_ids?cpe_ids= for eval injection of Python code. | HIGH | Jun 26, 2020 |
| CVE-2020-15339 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows live/CPEManager/AXCampaignManager/handle_campaign_script_link?script_name= XSS. | -- | Sep 29, 2022 |
| CVE-2020-15334 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows escape-sequence injection into the /var/log/axxmpp.log file. | -- | Sep 29, 2022 |
| CVE-2020-15333 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows attackers to discover accounts via MySQL select * from Administrator_users and select * from Users_users requests. | -- | Sep 29, 2022 |
