CVE-2007-3010

CRITICALNVD 9.89.8—Trending — 4 sources updated this weekExploited in the wild

9.8

masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the user parameter during a ping action.

CVSS v3: 9.8
EG Score: 9.8(high)
EPSS: 99.9%
KEV: ⚠ Exploited

Published

September 18, 2007

Last Modified

April 21, 2026

Advisory Details (6)

Auto-updated Apr 30, 2026

🔬 Proof of concept available. Patch available.

generic Patch Available🟡 PoC Available

'[Full-disclosure] Alcatel-Lucent OmniPCX Remote Command Execution' - MARC

http://marc.info/?l=full-disclosure&m=119002152126755&w=2

generic

IBM X-Force Exchange

https://exchange.xforce.ibmcloud.com/vulnerabilities/36632

generic

VUPEN Security - Vulnerability Research and Intelligence

http://www.vupen.com/english/advisories/2007/3185

generic

http://www.securityfocus.com/bid/25694

generic

http://www.securityfocus.com/archive/1/479699/100/0/threaded

generic

About Secunia Research | Flexera

http://secunia.com/advisories/26853

Weakness Classification(2)

MITRE Common Weakness Enumeration — the root-cause categories this CVE belongs to.

Data Freshness Timeline

(refreshed 20× in last 7d / 20× in last 30d)

Every time one of our enrichment pipelines (NVD, MITRE cvelistV5, EPSS, CISA KEV, GHSA, OSV, vendor advisories) ran against this CVE. Most recent first.

2026-06-03 11:17 UTCEG score recompute
2026-06-03 11:17 UTCGHSA enrichment
2026-06-03 07:06 UTCEG score recompute
2026-06-03 07:06 UTCGHSA enrichment
2026-06-03 02:56 UTCEG score recompute
2026-06-03 02:56 UTCGHSA enrichment
2026-06-02 22:45 UTCEG score recompute
2026-06-02 22:45 UTCGHSA enrichment
2026-06-02 18:34 UTCEG score recompute
2026-06-02 18:34 UTCGHSA enrichment
2026-06-02 18:32 UTCkev_newly_listed
2026-06-02 14:23 UTCEG score recompute
2026-06-02 14:23 UTCGHSA enrichment
2026-06-02 10:13 UTCEG score recompute
2026-06-02 10:13 UTCGHSA enrichment
2026-06-02 06:03 UTCEG score recompute
2026-06-02 06:03 UTCGHSA enrichment
2026-06-02 01:52 UTCEG score recompute
2026-06-02 01:52 UTCGHSA enrichment
2026-06-01 21:42 UTCEG score recompute

Publicly available exploits

(5 references)

Working exploit code is in the public domain (1 Metasploit module) (3 Exploit-DB entries). Defenders should treat patch urgency accordingly — public PoCs typically lead to mass-exploitation within 24-72 hours.

Exploit-DBEDB-16857✓ verified
First seen Oct 5, 2010
Alcatel-Lucent OmniPCX Enterprise - masterCGI Arbitrary Command Execution (Metasploit)
Open source ↗
Exploit-DBEDB-30591✓ verified
First seen Sep 17, 2007
Alcatel-Lucent OmniPCX Enterprise 7.1 - Remote Command Execution
Open source ↗
Exploit-DBEDB-10031✓ verified
First seen Sep 17, 2007
Alcatel-Lucent OmniPCX Enterprise Communication Server 7.1 - masterCGI Command Injection (Metasploit)
Open source ↗
Metasploitexploit/linux/http/alcatel_omnipcx_mastercgi_exec✓ verified
First seen Sep 9, 2007
Alcatel-Lucent OmniPCX Enterprise masterCGI Arbitrary Command Execution
Open source ↗
Nucleihttp/cves/2007/CVE-2007-3010.yaml
First seen Jan 1, 2007
Alcatel-Lucent OmniPCX - Remote Command Execution
Open source ↗

Frequently asked(6)

What is CVE-2007-3010?

CVE-2007-3010 is a critical vulnerability published on September 18, 2007. masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the user parameter during a ping action.

When was CVE-2007-3010 disclosed?

CVE-2007-3010 was first published in the National Vulnerability Database on September 18, 2007, with the most recent update on April 21, 2026. EchelonGraph re-ingests CVE updates from NVD on a 2-hour cycle, so this page reflects the latest published state.

Is CVE-2007-3010 actively exploited?

Yes. CISA added CVE-2007-3010 to the Known Exploited Vulnerabilities catalog on April 15, 2022, affecting Alcatel OmniPCX Enterprise. KEV listing indicates confirmed exploitation in the wild; this CVE warrants immediate patching attention.

What is the CVSS score of CVE-2007-3010?

CVE-2007-3010 has a CVSS v3 base score of 9.8 (NVD).

Which products are affected by CVE-2007-3010?

CVE-2007-3010 affects Alcatel OmniPCX Enterprise. The full affected-products list, including version ranges and fixed versions, is shown in the Affected Packages section of this page.

How do I remediate CVE-2007-3010?

Patch to the fixed version published by the affected vendor. Where vendor advisories exist for CVE-2007-3010, EchelonGraph cross-links them in the Vendor Advisories panel below — those typically contain the canonical remediation steps, fixed version numbers, and any vendor-specific mitigations.

Dependency Blast Radius

See which npm, PyPI, Go, and Maven packages are affected by CVE-2007-3010

Explore →

Is Your Infrastructure Affected by CVE-2007-3010?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2007-3010

📅 Published

🔄 Last Modified

📋 Advisory Details (6)

'[Full-disclosure] Alcatel-Lucent OmniPCX Remote Command Execution' - MARC

IBM X-Force Exchange

VUPEN Security - Vulnerability Research and Intelligence

About Secunia Research | Flexera

Weakness Classification(2)

Data Freshness Timeline

Publicly available exploits

❓ Frequently asked(6)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2007-3010?

🔗 Related CVEs(same CWE)

Same CWE

Published

Last Modified

Advisory Details (6)

Frequently asked(6)

Related CVEs(same CWE)