ZeroShell kerbynet remote command execution
Added: 05/24/2021Background
Zeroshell is a Linux distribution designed for router and firewall appliances which can be administered from a web interface. Zeroshell is no longer supported.Problem
A command injection vulnerability allows unauthenticated attackers to execute arbitrary commands by sending a specially crafted request for the kerbynet CGI.Resolution
Upgrade to ZeroShell 3.9.3 or higher.References
https://www.tarlogic.com/advisories/zeroshell-rce-root.txtPlatforms
LinuxBack to exploit index