Unrated severityNVD Advisory· Published Jul 5, 2007· Updated Jun 16, 2026
CVE-2007-3572
CVE-2007-3572
Description
Incomplete blacklist vulnerability in cgi-bin/runDiagnostics.cgi in the web interface on the Yoggie Pico and Pico Pro allows remote attackers to execute arbitrary commands via shell metacharacters in the param parameter, as demonstrated by URL encoded "`" (backtick) characters (%60 sequences).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3Patches
Vulnerability mechanics
References
7- archives.neohapsis.com/archives/fulldisclosure/2007-07/0020.htmlnvdExploit
- secunia.com/advisories/25902nvdExploitVendor Advisory
- www.securityfocus.com/bid/24743nvdExploit
- archives.neohapsis.com/archives/fulldisclosure/2007-07/0092.htmlnvd
- osvdb.org/37808nvd
- www.vupen.com/english/advisories/2007/2417nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/35208nvd
News mentions
0No linked articles in our index yet.