CVE-2016-8588

HIGH

Trend Micro Threat Discovery Appliance <2.6.1062r1 - Authenticated RCE

Title source: llm

Description

The hotfix_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via shell metacharacters in the file name of an uploaded file.

References (1)

Core 1

Core References

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/142220/Trend-Micro-Threat-Discovery-Appliance-2.6.1062r1-hotfix_upload.cgi-Remote-Code-Execution.html

Scores

CVSS v3 7.3

EPSS 0.0053

EPSS Percentile 67.2%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-284

Status published

Products (1)

trendmicro/threat_discovery_appliance < 2.6.1062

Published Apr 28, 2017

Tracked Since Feb 18, 2026