CVE-2021-47741

HIGH

ZBL EPON ONU Broadband Router V100R001 - Privilege Escalation

Title source: llm

Description

ZBL EPON ONU Broadband Router V100R001 contains a privilege escalation vulnerability that allows limited administrative users to elevate access by sending requests to configuration endpoints. Attackers can exploit the vulnerability by accessing the configuration backup or password page to disclose the super user password and gain additional privileged functionalities.

Exploits (1)

exploitdb WORKING POC

by LiquidWorm · textwebappshardware

https://www.exploit-db.com/exploits/49737

View Code ZIP pw:eip

References (5)

[Various Sources] http://www.zblchina.com

[Various Sources] https://web.archive.org/web/20211220094023/http://www.wd-thailand.com/

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/49737

[Third Party Advisory] https://www.vulncheck.com/advisories/zbl-epon-onu-broadband-router-vr-privilege-escalation-via-configuration-endpoint

[Third Party Advisory] https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5647.php

Scores

CVSS v3 7.5

EPSS 0.0005

EPSS Percentile 14.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-522

Status draft

Timeline

Published Dec 31, 2025

Tracked Since Feb 18, 2026