CVE-2021-46387

MEDIUM NUCLEI

ZyXEL ZyWALL 2 Plus - XSS

Title source: llm

Description

ZyXEL ZyWALL 2 Plus Internet Security Appliance is affected by Cross Site Scripting (XSS). Insecure URI handling leads to bypass security restriction to achieve Cross Site Scripting, which allows an attacker able to execute arbitrary JavaScript codes to perform multiple attacks such as clipboard hijacking and session hijacking.

Exploits (1)

exploitdb WORKING POC

by Momen Eldawakhly · textwebappsmultiple

https://www.exploit-db.com/exploits/50797

View Code ZIP pw:eip

Nuclei Templates (1)

Zyxel ZyWALL 2 Plus Internet Security Appliance - Cross-Site Scripting

MEDIUMby DhiyaneshDk

Shodan: http.title:"Zywall2Plus" || http.title:"zywall2plus"

FOFA: title="zywall2plus"

References (4)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/166189/Zyxel-ZyWALL-2-Plus-Cross-Site-Scripting.html

[Exploit, Third Party Advisory] https://drive.google.com/drive/folders/1_XfWBLqxT2Mqt7uB663Sjlc62pE8-rcN?usp=sharing

[Broken Link, Vendor Advisory] https://www.zyxel.com/uk/en/products_services/zywall_2_plus.shtml

[Vendor Advisory] https://www.zyxel.com/us/en/support/security_advisories.shtml

Scores

CVSS v3 6.1

EPSS 0.2849

EPSS Percentile 96.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

zyxel/zywall_2_plus_internet_security_appliance_firmware

Published Mar 01, 2022

Tracked Since Feb 18, 2026