5.3

CVE-2020-15329

Exploit
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak Data.fs permissions.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ZyxelCloudcnm Secumanager Version3.1.0
ZyxelCloudcnm Secumanager Version3.1.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.85% 0.533
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE-732 Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html
Third Party Advisory
Exploit
https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml
Vendor Advisory