Exploit for Zyxel ZyWALL 2 Plus Internet Security Appliance - Cross-Site Scripting (CVE-2021-46387)

Description:

ZyXEL ZyWALL 2 Plus Internet Security Appliance contains a cross-site scripting vulnerability. Insecure URI handling leads to a bypass of security restrictions, which allows an attacker to execute arbitrary JavaScript code to perform multiple attacks.

Nuclei Template

View the template here: CVE-2021-46387.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2021/CVE-2021-46387.yaml

References:

https://www.zyxel.com/uk/en/products_services/zywall_2_plus.shtml
https://nvd.nist.gov/vuln/detail/CVE-2021-46387
https://www.exploit-db.com/exploits/50797
https://drive.google.com/drive/folders/1_XfWBLqxT2Mqt7uB663Sjlc62pE8-rcN?usp=sharing
https://www.zyxel.com/us/en/support/security_advisories.shtml