CVE-2021-46387

Severity: MEDIUM · Nuclei template available

ZyXEL ZyWALL 2 Plus Internet Security Appliance Firmware - Cross-Site Scripting via Insecure URI Handling

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-46387, a PoC published by Momen Eldawakhly. A Nuclei detection template is also available.

AI-analyzed exploit summary: The exploit demonstrates a reflected XSS vulnerability in the Zyxel ZyWALL 2 Plus by injecting a payload into the 'id' parameter of the '/Forms/rpAuth_1' endpoint. The value is reflected into the response without encoding, so an img tag with an invalid src fires its onerror handler and triggers a JavaScript prompt in the victim's browser.
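The following is an added example, not code from the advisory, the PoC author or Zyxel. It shows the safe way to confirm the reflection described above without firing a JavaScript prompt on someone's browser: a unique canary containing tag characters is sent in the 'id' parameter of '/Forms/rpAuth_1', and the response is classified by whether the canary comes back raw, HTML-entity-encoded, or not at all. The two render functions are constructed stand-ins for the appliance's vulnerable and hardened behaviour (no real device is contacted), and the payload shape is the img/onerror pattern the PoC uses.

```python
"""Safe reflection check for the CVE-2021-46387 pattern (added example).

Assumptions, not taken from the advisory: the appliance reflects the `id`
query parameter of /Forms/rpAuth_1 into the HTML body. The render functions
below are constructed samples that stand in for the device's responses.
"""
import html
import secrets
from urllib.parse import urlencode, urljoin

ENDPOINT = "/Forms/rpAuth_1"

# Shape of the public PoC payload: a broken image whose onerror handler runs.
POC_PAYLOAD = '<img src=x onerror=prompt(document.domain)>'


def build_probe_url(base_url: str, value: str) -> str:
    """Build the GET URL that sends `value` in the `id` parameter, URL-encoded."""
    return urljoin(base_url, ENDPOINT) + "?" + urlencode({"id": value})


def make_canary() -> str:
    """A benign marker: a random token wrapped in tag characters and a quoted
    attribute. It executes nothing, but if it is reflected byte-for-byte the
    page is not encoding '<', '>' or '"' and an onerror payload would run."""
    return f'<zx{secrets.token_hex(4)} a="1">'


def reflection_state(body: str, canary: str) -> str:
    """Classify how the response body reflected the canary."""
    if canary in body:
        return "unescaped"          # raw reflection: exploitable
    if html.escape(canary, quote=True) in body or html.escape(canary, quote=False) in body:
        return "escaped"            # reflected, but entity-encoded: safe
    return "absent"                 # not reflected at all


def vulnerable_render(id_value: str) -> str:
    """Constructed stand-in for the fault class: raw parameter interpolated into HTML."""
    return f"<html><body>Invalid user {id_value}</body></html>"


def hardened_render(id_value: str) -> str:
    """Constructed stand-in for the fix: entity-encode before interpolation."""
    return f"<html><body>Invalid user {html.escape(id_value, quote=True)}</body></html>"


def check(render) -> str:
    """Send a fresh canary through `render` and report the reflection state."""
    canary = make_canary()
    return reflection_state(render(canary), canary)


if __name__ == "__main__":
    print("probe URL:", build_probe_url("http://192.0.2.1/", make_canary()))
    print("vulnerable:", check(vulnerable_render))
    print("hardened:  ", check(hardened_render))
```

Against a live target, the same `reflection_state` call is run on the body returned for `build_probe_url(...)`; a result of "unescaped" is the finding, and the prompt-based payload is never needed to prove it.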

Description

ZyXEL ZyWALL 2 Plus Internet Security Appliance is affected by Cross-Site Scripting (XSS). Insecure URI handling allows the appliance's security restrictions to be bypassed to achieve reflected XSS, letting an attacker execute arbitrary JavaScript in a victim's browser and carry out attacks such as clipboard hijacking and session hijacking.

Exploits (1)

exploitdb · WORKING POC
by Momen Eldawakhly · text · webapps · multiple
https://www.exploit-db.com/exploits/50797


Classification
Working PoC: 95%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Zyxel ZyWALL 2 Plus
Authentication: none needed
Prerequisites: Access to the vulnerable endpoint · Victim interaction to trigger the payload
MITRE ATT&CK
Analyzed by devstral-2 on Feb 16, 2026

Nuclei Templates (1)

Zyxel ZyWALL 2 Plus Internet Security Appliance - Cross-Site Scripting
MEDIUM · by DhiyaneshDk
Shodan: http.title:"Zywall2Plus" || http.title:"zywall2plus"
FOFA: title="zywall2plus"
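The Shodan and FOFA queries above find exposed appliances; the other side of the problem is spotting attempts against the endpoint in traffic you already log. The following is an added example, not part of the Nuclei template or any Zyxel tooling. The ZyWALL's own log format is not documented on this page, so it works over constructed Apache combined-format lines, as a reverse proxy or WAF in front of the appliance would write them, and flags requests to '/Forms/rpAuth_1' whose 'id' parameter carries tag or event-handler characters after full percent-decoding.

```python
"""Access-log detection for CVE-2021-46387 exploitation attempts (added example).

Assumption: requests reach a proxy that writes Apache combined-format lines.
The sample lines below are constructed, not captured from a real device.
"""
import re
from urllib.parse import parse_qs, unquote, urlsplit

TARGET_PATH = "/Forms/rpAuth_1"

# Apache combined format: client, identd, user, [timestamp], "METHOD target PROTO", status ...
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Markup that has no business in a user identifier: tag openers, on* handlers, javascript: URLs.
XSS_MARKERS = re.compile(r"<\s*(img|svg|script|iframe|body)|\bon[a-z]+\s*=|javascript:", re.I)


def decode_fully(value: str, rounds: int = 3) -> str:
    """Undo nested percent-encoding; double-encoding is a common filter bypass."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def inspect_line(line: str):
    """Return a hit dict for a suspicious request to the endpoint, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    if parts.path != TARGET_PATH:
        return None
    # parse_qs performs one decode; decode_fully strips any further layers.
    for raw in parse_qs(parts.query, keep_blank_values=True).get("id", []):
        value = decode_fully(raw)
        if XSS_MARKERS.search(value):
            return {"src": m.group("src"), "ts": m.group("ts"),
                    "status": m.group("status"), "id": value}
    return None


def scan(lines):
    """Run inspect_line over a log and keep the hits, in order."""
    return [hit for hit in (inspect_line(line) for line in lines) if hit]


# Constructed sample log: one benign login, the PoC payload, a double-encoded
# variant, and an XSS probe against an unrelated path that must not be flagged.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Mar/2022:10:00:01 +0000] "GET /Forms/rpAuth_1?id=admin HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [01/Mar/2022:10:00:05 +0000] "GET /Forms/rpAuth_1?id=%3Cimg%20src%3Dx%20onerror%3Dprompt(document.domain)%3E HTTP/1.1" 200 640 "-" "curl/7.81.0"',
    '203.0.113.9 - - [01/Mar/2022:10:00:09 +0000] "GET /Forms/rpAuth_1?id=%253Csvg%2520onload%253Dalert(1)%253E HTTP/1.1" 200 640 "-" "curl/7.81.0"',
    '198.51.100.8 - - [01/Mar/2022:10:00:12 +0000] "GET /search?q=%3Cscript%3E HTTP/1.1" 404 210 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['src']} status={hit['status']} id={hit['id']!r}")
```

Because the vulnerability needs no authentication (PR:N in the CVSS vector), a 200 on these requests does not indicate a logged-in attacker; the hit is the malformed 'id' itself, and the source address is the pivot for the rest of the investigation.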

References (4)

Core References
Broken Link · Vendor Advisory · x_refsource_misc
https://www.zyxel.com/uk/en/products_services/zywall_2_plus.shtml
Exploit · Third Party Advisory · VDB Entry · x_refsource_misc
http://packetstormsecurity.com/files/166189/Zyxel-ZyWALL-2-Plus-Cross-Site-Scripting.html

Scores

CVSS v3.1 6.1 (Medium)
EPSS 0.2103 (21.03%)
EPSS Percentile 97.3%
Attack Vector NETWORK
Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
zyxel/zywall_2_plus_internet_security_appliance_firmware
Published Mar 01, 2022
Tracked Since Feb 18, 2026