CVE-2020-15330 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded APP_KEY in /opt/axess/etc/default/axess.
This APP_KEY should be updated to a new key when upgrading from Zyxel CloudCNM SecuManager 3.0.x to 3.1.x.
For example, if upgrading from Zyxel CloudCNM SecuManager 3.0.1 to 3.1.x, the APP_KEY should be updated from “12345” to “newkey”.
How to update APP_KEY in Zyxel CloudCNM SecuManager 3.1.x
1. Navigate to /opt/axess/etc/default/
2. Update the APP_KEY line to “newkey”.
Update the APP_KEY for Zyxel CloudCNM SecuManager 3.2.x
1. Navigate to /opt/axess/etc/default/
2. Update the APP_KEY line to “newkey”.
How to know if APP_KEY is upgraded?
1. Navigate to /opt/axess/etc/default/
2. Compare the value of APP_KEY with “newkey”
Zyxel CloudCNM SecuManager 3.2.x
The APP_KEY should be updated to a new key when upgrading from Zyxel CloudCNM SecuManager 3.2.x to 3.3.x or later.
For example, if upgrading from Zyxel CloudCNM SecuManager 3.2.1 to 3.3.1, the APP_KEY should be updated from “12345” to “newkey”
Timeline
Published on: 09/29/2022 03:15:00 UTC
Last modified on: 09/29/2022 17:15:00 UTC