CVE-2020-15337 The ZyXel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request Method With Sensitive Query Strings" issue.

This might cause an XSS (Cross-Site Scripting) vulnerability in your application. To protect your application from XSS vulnerabilities, you need to filter the received data and filter the request URI. You can do so by using the filter_xml option. For more information, see the following article: To prevent XSS vulnerabilities, XSS filtering is recommended. XSS filtering is a security measure that sanitizes input data before it is sent to a program, preventing XSS attacks. This is done by inspecting the data before it is sent to a program, for example, by using a filtering plugin such as the WordPress XSS Protection plugin. You can find more details about XSS filtering in the WordPress Codex.
When you use the filter_xml option, the received data will be filtered and base64_encode() before it is sent to the program. This prevents a possible XSS vulnerability in your program. For example, you can use the following filter_xml option: To change the request URI, you need to use the filter_rewrite_XML option. For example: The above options can be set in the Zyxel CloudCNM SecuManager server's configuration file /etc/zyxvncm/config-secm.conf. By doing so, the request URI will be changed and no XSS vulnerabilities will be possible in your program.

Zyxel CloudCNM SecuManager installation and configuration

To prevent XSS vulnerabilities, XSS filtering is recommended. XSS filtering is a security measure that sanitizes input data before it is sent to a program, preventing XSS attacks. This is done by inspecting the data before it is sent to a program, for example, by using a filtering plugin such as the WordPress XSS Protection plugin. You can find more details about XSS filtering in the WordPress Codex.
When you use the filter_xml option, the received data will be filtered and base64_encode() before it is sent to the program. This prevents a possible XSS vulnerability in your program. For example, you can use the following filter_xml option: To change the request URI, you need to use the filter_rewrite_XML option. For example: The above options can be set in the Zyxel CloudCNM SecuManager server's configuration file /etc/zyxvncm/config-secm.conf. By doing so, the request URI will be changed and no XSS vulnerabilities will be possible in your program.

Timeline

Published on: 09/29/2022 03:15:00 UTC
Last modified on: 09/29/2022 17:15:00 UTC

References

• https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html
• https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15337