ID

VAR-202203-0913


CVE

CVE-2021-46387


TITLE

Zyxel ZyWALL 2 Plus Cross-Site Scripting Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2022-21825

DESCRIPTION

ZyXEL ZyWALL 2 Plus Internet Security Appliance is affected by Cross Site Scripting (XSS). Insecure URI handling leads to bypass security restriction to achieve Cross Site Scripting, which allows an attacker able to execute arbitrary JavaScript codes to perform multiple attacks such as clipboard hijacking and session hijacking. Zyxel ZyWALL 2 Plus is a firewall appliance for corporate environments from Zyxel, China. The Zyxel ZyWALL 2 Plus has a cross-site scripting vulnerability that stems from a lack of data validation filtering for user-supplied data and output

Trust: 1.53

sources: NVD: CVE-2021-46387 // CNVD: CNVD-2022-21825 // VULMON: CVE-2021-46387

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-21825

AFFECTED PRODUCTS

vendor:zyxelmodel:zywall 2 plus internet security appliancescope:eqversion: -

Trust: 1.0

vendor:zyxelmodel:zywall plusscope:eqversion:2

Trust: 0.6

sources: CNVD: CNVD-2022-21825 // NVD: CVE-2021-46387

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-46387
value: MEDIUM

Trust: 1.0

CNVD: CNVD-2022-21825
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202203-021
value: MEDIUM

Trust: 0.6

VULMON: CVE-2021-46387
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-46387
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

CNVD: CNVD-2022-21825
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2021-46387
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2022-21825 // VULMON: CVE-2021-46387 // CNNVD: CNNVD-202203-021 // NVD: CVE-2021-46387

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.0

sources: NVD: CVE-2021-46387

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202203-021

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202203-021

PATCH

title:Patch for Zyxel ZyWALL 2 Plus Cross-Site Scripting Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/327041

Trust: 0.6

title:Zyxel Zywall310 Fixes for cross-site scripting vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=184918

Trust: 0.6

title:Kenzer Templates [5170] [DEPRECATED]url:https://github.com/ARPSyndicate/kenzer-templates

Trust: 0.1

sources: CNVD: CNVD-2022-21825 // VULMON: CVE-2021-46387 // CNNVD: CNNVD-202203-021

EXTERNAL IDS

db:NVDid:CVE-2021-46387

Trust: 2.3

db:PACKETSTORMid:166189

Trust: 1.7

db:CNVDid:CNVD-2022-21825

Trust: 0.6

db:EXPLOIT-DBid:50797

Trust: 0.6

db:CXSECURITYid:WLB-2022030022

Trust: 0.6

db:CNNVDid:CNNVD-202203-021

Trust: 0.6

db:VULMONid:CVE-2021-46387

Trust: 0.1

sources: CNVD: CNVD-2022-21825 // VULMON: CVE-2021-46387 // CNNVD: CNNVD-202203-021 // NVD: CVE-2021-46387

REFERENCES

url:http://packetstormsecurity.com/files/166189/zyxel-zywall-2-plus-cross-site-scripting.html

Trust: 2.4

url:https://www.zyxel.com/us/en/support/security_advisories.shtml

Trust: 1.7

url:https://drive.google.com/drive/folders/1_xfwblqxt2mqt7ub663sjlc62pe8-rcn?usp=sharing

Trust: 1.7

url:https://www.zyxel.com/uk/en/products_services/zywall_2_plus.shtml

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-46387

Trust: 0.6

url:https://cxsecurity.com/issue/wlb-2022030022

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2021-46387/

Trust: 0.6

url:https://www.exploit-db.com/exploits/50797

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/79.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/arpsyndicate/kenzer-templates

Trust: 0.1

sources: CNVD: CNVD-2022-21825 // VULMON: CVE-2021-46387 // CNNVD: CNNVD-202203-021 // NVD: CVE-2021-46387

CREDITS

Momen Eldawakhly

Trust: 0.6

sources: CNNVD: CNNVD-202203-021

SOURCES

db:CNVDid:CNVD-2022-21825
db:VULMONid:CVE-2021-46387
db:CNNVDid:CNNVD-202203-021
db:NVDid:CVE-2021-46387

LAST UPDATE DATE

2024-08-14T13:53:31.779000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2022-21825date:2022-03-23T00:00:00
db:VULMONid:CVE-2021-46387date:2022-03-09T00:00:00
db:CNNVDid:CNNVD-202203-021date:2022-03-10T00:00:00
db:NVDid:CVE-2021-46387date:2022-03-09T13:17:47.150

SOURCES RELEASE DATE

db:CNVDid:CNVD-2022-21825date:2022-03-23T00:00:00
db:VULMONid:CVE-2021-46387date:2022-03-01T00:00:00
db:CNNVDid:CNNVD-202203-021date:2022-03-01T00:00:00
db:NVDid:CVE-2021-46387date:2022-03-01T15:15:07.887