CVE-2007-3572

Published: 05/07/2007 Updated: 29/07/2017
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 935
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Incomplete blacklist vulnerability in cgi-bin/runDiagnostics.cgi in the web interface on the Yoggie Pico and Pico Pro allows remote attackers to execute arbitrary commands via shell metacharacters in the param parameter, as demonstrated by URL-encoded "`" (backtick) characters (%60 sequences).
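
For detection, the check below scans web access-log lines for requests to the affected CGI whose `param` value contains shell metacharacters after percent-decoding. It is an added example, not code from the advisory or the vendor; the log format, the sample lines, and the metacharacter set beyond the backtick are assumptions.

```python
import posixpath
import re
from urllib.parse import parse_qs, unquote, urlsplit

TARGET_PATH = "/cgi-bin/runDiagnostics.cgi"  # endpoint named in the advisory
# Assumption: a broad set of shell-special characters; the page names only "`".
SHELL_META = set("`$;|&<>(){}\\\n\r'\"")
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample access-log lines (not captured traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /cgi-bin/runDiagnostics.cgi?param=192.0.2.1 HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /cgi-bin/runDiagnostics.cgi?param=%60placeholder%60 HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:09 +0000] "GET /cgi-bin/runDiagnostics.cgi?param=%2560placeholder%2560 HTTP/1.1" 200 512',
    '192.0.2.12 - - [01/Jan/2024:10:00:12 +0000] "GET /index.html?param=%60placeholder%60 HTTP/1.1" 200 128',
]

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so %2560 is treated like %60."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_chars(log_line):
    """Return shell metacharacters found in 'param' for requests to the CGI."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return set()
    url = urlsplit(match.group(1))
    if posixpath.normpath(fully_decode(url.path)) != TARGET_PATH:
        return set()
    found = set()
    for value in parse_qs(url.query, keep_blank_values=True).get("param", []):
        found |= SHELL_META & set(fully_decode(value))
    return found

def flag_lines(lines):
    """Return (line_number, sorted metacharacters) for each suspicious line."""
    hits = []
    for number, line in enumerate(lines, start=1):
        found = suspicious_chars(line)
        if found:
            hits.append((number, sorted(found)))
    return hits

if __name__ == "__main__":
    for number, chars in flag_lines(SAMPLE_LOG):
        print(f"line {number}: shell metacharacters {chars} in param")
```

Decoding before matching is the point: a filter that inspects the raw query string never sees the backtick that `%60` becomes.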

Vulnerable Product

yoggie pico pro

yoggie pico

Exploits

source: www.securityfocus.com/bid/24743/info

Yoggie Pico and Pico Pro are prone to a remote code-execution vulnerability because the device fails to sufficiently sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary code with superuser privileges. A successful exploit will result in the complete compromise o ...