CVE-2007-3572

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 05/07/2007
Last modified: 09/04/2025

Description

Incomplete blacklist vulnerability in cgi-bin/runDiagnostics.cgi in the web interface on the Yoggie Pico and Pico Pro allows remote attackers to execute arbitrary commands via shell metacharacters in the param parameter, as demonstrated by URL encoded "`" (backtick) characters (%60 sequences).

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:yoggie:pico:*:*:*:*:*:*:*:*
cpe:2.3:a:yoggie:pico_pro:*:*:*:*:*:*:*:*