Unrated severityNVD Advisory· Published Jul 5, 2007· Updated Apr 23, 2026

CVE-2007-3572

Description

Incomplete blacklist vulnerability in cgi-bin/runDiagnostics.cgi in the web interface on the Yoggie Pico and Pico Pro allows remote attackers to execute arbitrary commands via shell metacharacters in the param parameter, as demonstrated by URL encoded "`" (backtick) characters (%60 sequences).

Affected products

Yoggie/Pico
cpe:2.3:a:yoggie:pico:*:*:*:*:*:*:*:*
Yoggie/Pico Pro
cpe:2.3:a:yoggie:pico_pro:*:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

archives.neohapsis.com/archives/fulldisclosure/2007-07/0020.htmlnvdExploit
secunia.com/advisories/25902nvdExploitVendor Advisory
www.securityfocus.com/bid/24743nvdExploit
archives.neohapsis.com/archives/fulldisclosure/2007-07/0092.htmlnvd
osvdb.org/37808nvd
www.vupen.com/english/advisories/2007/2417nvd
exchange.xforce.ibmcloud.com/vulnerabilities/35208nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.008
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000