CVE-2020-29390

CRITICAL EXPLOITED NUCLEI

Zeroshell 3.9.3 - Command Injection

Title source: llm

Description

Zeroshell 3.9.3 contains a command injection vulnerability in the /cgi-bin/kerbynet StartSessionSubmit parameter that could allow an unauthenticated attacker to execute a system command by using shell metacharacters and the %0a character.

Nuclei Templates (1)

Zeroshell 3.9.3 - Command Injection

CRITICALby DhiyaneshDk

Shodan: http.title:"zeroshell"

FOFA: title="zeroshell"

References (1)

[Exploit, Third Party Advisory] https://blog.quake.so/post/zeroshell_linux_router_rce/

Scores

CVSS v3 9.8

EPSS 0.9059

EPSS Percentile 99.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2025-06-08

CWE

CWE-78

Status published

Products (1)

zeroshell/zeroshell 3.9.3

Published Nov 30, 2020

Tracked Since Feb 18, 2026