Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Incomplete blacklist vulnerability in cgi-bin/runDiagnostics.cgi in the web interface on the Yoggie Pico and Pico Pro allows remote attackers to execute arbitrary commands via shell metacharacters in the param parameter, as demonstrated by URL encoded "`" (backtick) characters (%60 sequences).
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Yoggie Pico/Pico Pro反引号远程命令执行漏洞
Vulnerability Description
Yoggie Pico是一款小巧的USB设备,可实现防火墙和反病毒功能。 Yoggie Pico在处理用户提交的请求数据时存在漏洞,远程攻击者可能利用此漏洞在设备上执行任意命令。 Yoggie Pico安全设备的Web接口开放了ping功能以便于诊断。这个接口以ping -c 10 <given ip>的形式将输入的IP/主机名直接传送给了ping命令,并对"&"、";"和管道执行了基本安全检查,但没有检查反引号("`"),这允许攻击者通过提交特制的URL请求在设备上以root用户权限执行任意命令。
CVSS Information
N/A
Vulnerability Type
N/A