exploitDog

CVE-2020-29390

Опубликовано: 30 нояб. 2020

Источник: nvd

CVSS3: 9.8

CVSS2: 10

EPSS Критический

Описание

Zeroshell 3.9.3 contains a command injection vulnerability in the /cgi-bin/kerbynet StartSessionSubmit parameter that could allow an unauthenticated attacker to execute a system command by using shell metacharacters and the %0a character.

Ссылки

https://blog.quake.so/post/zeroshell_linux_router_rce/
Exploit
Third Party Advisory
https://blog.quake.so/post/zeroshell_linux_router_rce/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:zeroshell:zeroshell:3.9.3:*:*:*:*:*:*:*

EPSS

Процентиль: 100%

0.90592

Критический

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-78

Связанные уязвимости

GHSA-wfh6-xhqh-h5xw

github

больше 3 лет назад

Zeroshell 3.9.3 contains a command injection vulnerability in the /cgi-bin/kerbynet StartSessionSubmit parameter that could allow an unauthenticated attacker to execute a system command by using shell metacharacters and the %0a character.

EPSS

Процентиль: 100%

0.90592

Критический

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-78