CVE-2021-47741

HIGH

ZBL EPON ONU Broadband Router V100R001 - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-47741. PoCs published by LiquidWorm.

AI-analyzed exploit summary This exploit demonstrates a privilege escalation vulnerability in ZBL EPON ONU Broadband Router 1.0. By sending specific HTTP requests, an attacker can disclose the super user password, allowing elevation from a limited admin account to a super user account.

Description

ZBL EPON ONU Broadband Router V100R001 contains a privilege escalation vulnerability that allows limited administrative users to elevate access by sending requests to configuration endpoints. Attackers can exploit the vulnerability by accessing the configuration backup or password page to disclose the super user password and gain additional privileged functionalities.

Exploits (1)

exploitdb WORKING POC
by LiquidWorm · textwebappshardware
https://www.exploit-db.com/exploits/49737

This exploit demonstrates a privilege escalation vulnerability in ZBL EPON ONU Broadband Router 1.0. By sending specific HTTP requests, an attacker can disclose the super user password, allowing elevation from a limited admin account to a super user account.

Classification
Working Poc 90%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: ZBL EPON ONU Broadband Router 1.0 (Firmware: V100R001, Software: V2.46.02P6T5S)
Auth required
Prerequisites: Access to a limited admin account (admin:admin) · Network access to the router's web interface
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Scores

CVSS v3 7.5
EPSS 0.0025
EPSS Percentile 15.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-522
Status published
Products (1)
Zblchina/ZBL EPON ONU Broadband Router 1.0
Published Dec 31, 2025
Tracked Since Feb 18, 2026