ZeroShell kerbynet remote command execution

Added: 05/24/2021

Background

Zeroshell is a Linux distribution for router and firewall appliances that can be administered from a web interface. Zeroshell is no longer supported.

Problem

A command injection vulnerability allows unauthenticated attackers to execute arbitrary commands by sending a specially crafted request to the kerbynet CGI.

Resolution

Upgrade to ZeroShell 3.9.3 or higher.

References

https://www.tarlogic.com/advisories/zeroshell-rce-root.txt

Platforms

Linux
