← volver
CVE-2007-3572

CVE-2007-3572

EPSS 8.4%
Incomplete blacklist vulnerability in cgi-bin/runDiagnostics.cgi in the web interface on the Yoggie Pico and Pico Pro allows remote attackers to execute arbitrary commands via shell metacharacters in the param parameter, as demonstrated by URL encoded "`" (backtick) characters (%60 sequences).
Productos afectados
n/a · n/a
PoCs públicas encontradas1
exploitdbwww.exploit-db.com/exploits/30260no verificado
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0020.htmlhttp://archives.neohapsis.com/archives/fulldisclosure/2007-07/0092.htmlhttp://osvdb.org/37808http://secunia.com/advisories/25902https://exchange.xforce.ibmcloud.com/vulnerabilities/35208http://www.securityfocus.com/bid/24743http://www.vupen.com/english/advisories/2007/2417