CNNVD-202508-935 Information

CNNVD ID

CNNVD-202508-935

Related CVE

CVE-2012-10039

• CNNVD Published: 2025-08-11

Description (Chinese)

Zevenet Zen Load Balancer是西班牙Zevenet公司的一款应用交付控制器。 Zevenet Zen Load Balancer 2.0版本和3.0-rc1版本存在安全漏洞，该漏洞源于filelog参数未经验证直接传递给exec函数，可能导致远程代码执行。

Description (English)

Zevenet Zen Load Balancer is an application delivery controller for Zevenet, Spain. Zevenet Zen Load Balancer 2.0 and 3.0-rc1 have a security loophole, which stems from the fact that the filelog parameters are passed directly to the exec function without validation and may result in remote code execution.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Zevenet

Published

2025-08-11

Last Modified

2026-02-24

References

https://www.fortiguard.com/encyclopedia/ips/33335/zen-load-balancer-filelog-command-execution https://www.exploit-db.com/exploits/21849 https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/ https://itsecuritysolutions.org/2012-09-21-ZEN-Load-Balancer-v2.0-and-v3.0-rc1-multiple-vulnerabilities/ https://web.archive.org/web/20221203195056/ http://www.zenloadbalancer.com/ https://web.archive.org/web/20111015031540/ https://access.redhat.com/security/cve/cve-2012-10039