CVE-2020-29390

Zeroshell 3.9.3 contains a command injection vulnerability in the /cgi-bin/kerbynet StartSessionSubmit parameter that could allow an unauthenticated attacker to execute a system command by using shell metacharacters and the %0a character.
References
Link Resource
https://blog.quake.so/post/zeroshell_linux_router_rce/ Exploit Third Party Advisory
Configurations

Configuration 1

cpe:2.3:o:zeroshell:zeroshell:3.9.3:*:*:*:*:*:*:*

Information

Published : 2020-11-30 06:15

Updated : 2020-12-03 09:29


NVD link : CVE-2020-29390

Mitre link : CVE-2020-29390

Products Affected
No products.
CWE