Vulnerability Description
ZyXEL ZyWALL 2 Plus Internet Security Appliance is affected by Cross Site Scripting (XSS). Insecure URI handling leads to bypass security restriction to achieve Cross Site Scripting, which allows an attacker able to execute arbitrary JavaScript codes to perform multiple attacks such as clipboard hijacking and session hijacking.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zyxel | Zywall 2 Plus Internet Security Appliance Firmware | - |
| Zyxel | Zywall 2 Plus Internet Security Appliance | - |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/166189/Zyxel-ZyWALL-2-Plus-Cross-Site-ScripExploitThird Party AdvisoryVDB Entry
- https://drive.google.com/drive/folders/1_XfWBLqxT2Mqt7uB663Sjlc62pE8-rcN?usp=shaExploitThird Party Advisory
- https://www.zyxel.com/uk/en/products_services/zywall_2_plus.shtmlBroken LinkVendor Advisory
- https://www.zyxel.com/us/en/support/security_advisories.shtmlVendor Advisory
- http://packetstormsecurity.com/files/166189/Zyxel-ZyWALL-2-Plus-Cross-Site-ScripExploitThird Party AdvisoryVDB Entry
- https://drive.google.com/drive/folders/1_XfWBLqxT2Mqt7uB663Sjlc62pE8-rcN?usp=shaExploitThird Party Advisory
- https://www.zyxel.com/uk/en/products_services/zywall_2_plus.shtmlBroken LinkVendor Advisory
- https://www.zyxel.com/us/en/support/security_advisories.shtmlVendor Advisory
FAQ
What is CVE-2021-46387?
CVE-2021-46387 is a vulnerability with a CVSS score of 6.1 (MEDIUM). ZyXEL ZyWALL 2 Plus Internet Security Appliance is affected by Cross Site Scripting (XSS). Insecure URI handling leads to bypass security restriction to achieve Cross Site Scripting, which allows an a...
How severe is CVE-2021-46387?
CVE-2021-46387 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-46387?
Check the references section above for vendor advisories and patch information. Affected products include: Zyxel Zywall 2 Plus Internet Security Appliance Firmware, Zyxel Zywall 2 Plus Internet Security Appliance.