CVE-2007-3572

Yoggie Pico and Pico Pro - Remote Command Execution via runDiagnostics.cgi param Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-3572. PoCs published by Cody Brocious.

AI-analyzed exploit summary This exploit leverages a command injection vulnerability in Yoggie Pico and Pico Pro devices via the `runDiagnostics.cgi` endpoint. It allows an attacker to execute arbitrary commands with superuser privileges, including replacing the `/etc/shadow` file and starting an SSH server for remote access.

Description

Incomplete blacklist vulnerability in cgi-bin/runDiagnostics.cgi in the web interface on the Yoggie Pico and Pico Pro allows remote attackers to execute arbitrary commands via shell metacharacters in the param parameter, as demonstrated by URL encoded "`" (backtick) characters (%60 sequences).

Exploits (1)

exploitdb WORKING POC VERIFIED

by Cody Brocious · textwebappscgi

https://www.exploit-db.com/exploits/30260

View Code ZIP pw:eip

This exploit leverages a command injection vulnerability in Yoggie Pico and Pico Pro devices via the `runDiagnostics.cgi` endpoint. It allows an attacker to execute arbitrary commands with superuser privileges, including replacing the `/etc/shadow` file and starting an SSH server for remote access.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Yoggie Pico and Pico Pro

No auth needed

Prerequisites: Network access to the Yoggie device · Device must be connected and accessible via `yoggie.yoggie.com`

MITRE ATT&CK