4 matches found
VulnCheck KEV: CVE-2020-29390
Zeroshell 3.9.3 contains a command injection vulnerability in the /cgi-bin/kerbynet StartSessionSubmit parameter that could allow an unauthenticated attacker to execute a system command by using shell metacharacters and the %0a character...
CVE-2020-29390
Zeroshell 3.9.3 contains a command injection vulnerability in the /cgi-bin/kerbynet StartSessionSubmit parameter that could allow an unauthenticated attacker to execute a system command by using shell metacharacters and the %0a character...
ZeroShell kerbynet remote command execution
Added: 05/24/2021 Background Zeroshell is a Linux distribution designed for router and firewall appliances which can be administered from a web interface. Zeroshell is no longer supported. Problem A command injection vulnerability allows unauthenticated attackers to execute arbitrary commands by...
Command injection
Zeroshell 3.9.3 contains a command injection vulnerability in the /cgi-bin/kerbynet StartSessionSubmit parameter that could allow an unauthenticated attacker to execute a system command by using shell metacharacters and the %0a character...