ZeroShell 3.9.3 /cgi-bin/kerbynet StartSessionSubmit os command injection

A vulnerability classified as critical has been found in ZeroShell 3.9.3. It affects some unknown processing of the file /cgi-bin/kerbynet. No information about possible countermeasures is known. Replacing the affected product with an alternative may be advisable.

| Field | 11/30/2020 08:45 PM | 12/11/2020 02:36 PM | 12/11/2020 02:39 PM |
|---|---|---|---|
| name | ZeroShell | ZeroShell | ZeroShell |
| version | 3.9.3 | 3.9.3 | 3.9.3 |
| file | /cgi-bin/kerbynet | /cgi-bin/kerbynet | /cgi-bin/kerbynet |
| argument | StartSessionSubmit | StartSessionSubmit | StartSessionSubmit |
| cwe | 78 (privilege escalation) | 78 (privilege escalation) | 78 (privilege escalation) |
| risk | 2 | 2 | 2 |
| cvss3_vuldb_ac | L | L | L |
| cvss3_vuldb_pr | N | N | N |
| cvss3_vuldb_ui | N | N | N |
| cvss3_vuldb_c | L | L | L |
| cvss3_vuldb_i | L | L | L |
| cvss3_vuldb_a | L | L | L |
| url | https://blog.quake.so/post/zeroshell_linux_router_rce/ | https://blog.quake.so/post/zeroshell_linux_router_rce/ | https://blog.quake.so/post/zeroshell_linux_router_rce/ |
| cve | CVE-2020-29390 | CVE-2020-29390 | CVE-2020-29390 |
| date | 1606690800 (11/30/2020) | 1606690800 (11/30/2020) | 1606690800 (11/30/2020) |
| cvss2_vuldb_ac | L | L | L |
| cvss2_vuldb_au | N | N | N |
| cvss2_vuldb_ci | P | P | P |
| cvss2_vuldb_ii | P | P | P |
| cvss2_vuldb_ai | P | P | P |
| cvss2_vuldb_av | A | A | A |
| cvss2_vuldb_e | ND | ND | ND |
| cvss2_vuldb_rl | ND | ND | ND |
| cvss2_vuldb_rc | ND | ND | ND |
| cvss3_vuldb_av | A | A | A |
| cvss3_vuldb_s | U | U | U |
| cvss3_vuldb_e | X | X | X |
| cvss3_vuldb_rl | X | X | X |
| cvss3_vuldb_rc | X | X | X |
| cvss2_vuldb_basescore | 5.8 | 5.8 | 5.8 |
| cvss2_vuldb_tempscore | 5.8 | 5.8 | 5.8 |
| cvss3_vuldb_basescore | 6.3 | 6.3 | 6.3 |
| cvss3_vuldb_tempscore | 6.3 | 6.3 | 6.3 |
| cvss3_meta_basescore | 6.3 | 6.3 | 8.0 |
| cvss3_meta_tempscore | 6.3 | 6.3 | 8.0 |
| price_0day | $0-$5k | $0-$5k | $0-$5k |
| cve_assigned | | 1606690800 | 1606690800 |
| cve_nvd_summary | | Zeroshell 3.9.3 contains a command injection vulnerability in the /cgi-bin/kerbynet StartSessionSubmit parameter that could allow an unauthenticated attacker to execute a system command by using shell metacharacters and the %0a character. | Zeroshell 3.9.3 contains a command injection vulnerability in the /cgi-bin/kerbynet StartSessionSubmit parameter that could allow an unauthenticated attacker to execute a system command by using shell metacharacters and the %0a character. |
| cvss3_nvd_av | | | N |
| cvss3_nvd_ac | | | L |
| cvss3_nvd_pr | | | N |
| cvss3_nvd_ui | | | N |
| cvss3_nvd_s | | | U |
| cvss3_nvd_c | | | H |
| cvss3_nvd_i | | | H |
| cvss3_nvd_a | | | H |
| cvss2_nvd_av | | | N |
| cvss2_nvd_ac | | | L |
| cvss2_nvd_au | | | N |
| cvss2_nvd_ci | | | C |
| cvss2_nvd_ii | | | C |
| cvss2_nvd_ai | | | C |
| cvss2_nvd_basescore | | | 10.0 |
| cvss3_nvd_basescore | | | 9.8 |
