CVE-2007-3010
CRITICAL · KEV · NUCLEI
Al-enterprise Omnipcx Enterprise Comm... - Command Injection
masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the user parameter during a ping action.
Exploits (4)
exploitdb
WORKING POC
VERIFIED
by Metasploit · ruby · webapps · cgi
https://www.exploit-db.com/exploits/16857
exploitdb
WORKING POC
VERIFIED
by patrick · ruby · webapps · cgi
https://www.exploit-db.com/exploits/10031
exploitdb
WORKING POC
VERIFIED
by RedTeam Pentesting GmbH · text · webapps · cgi
https://www.exploit-db.com/exploits/30591
metasploit
WORKING POC
MANUAL
by aushack · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/alcatel_omnipcx_mastercgi_exec.rb
Nuclei Templates (1)
Alcatel-Lucent OmniPCX - Remote Command Execution
CRITICAL · VERIFIED · by king-alexander
Shodan:
title:"OmniPCX for Enterprise" || http.title:"omnipcx for enterprise"
FOFA:
app="Alcatel_Lucent-OmniPCX-Enterprise" || app="alcatel_lucent-omnipcx-enterprise" || title="omnipcx for enterprise"
References (10)
Scores
CVSS v3: 9.8
EPSS: 0.9401
EPSS Percentile: 99.9%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CISA KEV: 2022-04-15
VulnCheck KEV: 2020-05-07
InTheWild.io: 2022-04-15
ENISA EUVD: EUVD-2007-3002
CWE: CWE-77
Status: published
Products (1): al-enterprise/omnipcx_enterprise_communication_server < 7.1
Published: Sep 18, 2007
KEV Added: Apr 15, 2022
Tracked Since: Feb 18, 2026