EIP-2026-102147

PRE-CVE

ZyXEL VMG3312-B10B - Cross-Site Scripting

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-102147. PoCs published by Samet ŞAHİN.

AI-analyzed exploit summary This exploit demonstrates a stored XSS vulnerability in ZyXEL VMG3312-B10B via the 'hostname' parameter in a POST request. The payload 'X<svg onload=alert()>' triggers when the malicious input is rendered in the connection status page.

Description

ZyXEL VMG3312-B10B - Cross-Site Scripting

Exploits (1)

exploitdb WORKING POC

by Samet ŞAHİN · textwebappshardware

https://www.exploit-db.com/exploits/45236

View Code ZIP pw:eip

This exploit demonstrates a stored XSS vulnerability in ZyXEL VMG3312-B10B via the 'hostname' parameter in a POST request. The payload 'X<svg onload=alert()>' triggers when the malicious input is rendered in the connection status page.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: ZyXEL VMG3312-B10B

Auth required

Prerequisites: Access to the admin interface · Valid session cookie

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026