Critical severity9.8NVD Advisory· Published Nov 30, 2020· Updated Jun 17, 2026
CVE-2020-29390
CVE-2020-29390
Description
Zeroshell 3.9.3 contains a command injection vulnerability in the /cgi-bin/kerbynet StartSessionSubmit parameter that could allow an unauthenticated attacker to execute a system command by using shell metacharacters and the %0a character.
Affected products
2- Zeroshell/Zeroshelldescription
Patches
Vulnerability mechanics
References
1- blog.quake.so/post/zeroshell_linux_router_rce/nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.