Filtered by vendor Columbiaweather
Subscribe
Filtered by product Weather Microserver Firmware
Subscribe
Total
6 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-18879 | 1 Columbiaweather | 2 Weather Microserver, Weather Microserver Firmware | 2019-06-18 | 6.5 MEDIUM | 8.8 HIGH |
In firmware version MS_2.6.9900 of Columbia Weather MicroServer, an authenticated web user can pipe commands directly to the underlying operating system as user input is not sanitized in networkdiags.php. | |||||
CVE-2018-18880 | 1 Columbiaweather | 2 Weather Microserver, Weather Microserver Firmware | 2019-06-18 | 3.5 LOW | 5.4 MEDIUM |
In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a networkdiags.php reflected Cross-site scripting (XSS) vulnerability allows remote authenticated users to inject arbitrary web script. | |||||
CVE-2018-18876 | 1 Columbiaweather | 2 Weather Microserver, Weather Microserver Firmware | 2019-06-18 | 5.0 MEDIUM | 5.3 MEDIUM |
In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a readouts_rd.php directory traversal issue makes it possible to read any file present on the underlying operating system. | |||||
CVE-2018-18877 | 1 Columbiaweather | 2 Weather Microserver, Weather Microserver Firmware | 2019-06-18 | 6.5 MEDIUM | 8.8 HIGH |
In firmware version MS_2.6.9900 of Columbia Weather MicroServer, an authenticated web user can access an alternative configuration page config_main.php that allows manipulation of the device. | |||||
CVE-2018-18878 | 1 Columbiaweather | 2 Weather Microserver, Weather Microserver Firmware | 2019-06-18 | 7.8 HIGH | 7.5 HIGH |
In firmware version MS_2.6.9900 of Columbia Weather MicroServer, the BACnet daemon does not properly validate input, which could allow a remote attacker to send specially crafted packets causing the device to become unavailable. | |||||
CVE-2018-18875 | 1 Columbiaweather | 2 Weather Microserver, Weather Microserver Firmware | 2019-06-18 | 3.5 LOW | 5.4 MEDIUM |
In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a stored Cross-site scripting (XSS) vulnerability allows remote authenticated users to inject arbitrary web script via changestationname.php. |