Missing Encryption of Sensitive Data
CVE-2020-15340
Summary
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded opt/axess/AXAssets/default_axess/axess/TR69/Handlers/turbolink/sshkeys/id_rsa SSH key.
- LOW
- NETWORK
- NONE
- UNCHANGED
- NONE
- NONE
- HIGH
- NONE
CWE-311 - Missing Encryption of Sensitive Data
The software does not encrypt sensitive or critical information before storage or transmission.
References
Advisory Timeline
- Published
