4 matches found
CVE-2018-18879
In firmware version MS2.6.9900 of Columbia Weather MicroServer, an authenticated web user can pipe commands directly to the underlying operating system as user input is not sanitized in networkdiags.php...
CVE-2018-18879
In firmware version MS2.6.9900 of Columbia Weather MicroServer, an authenticated web user can pipe commands directly to the underlying operating system as user input is not sanitized in networkdiags.php...
CVE-2018-18879
In firmware version MS2.6.9900 of Columbia Weather MicroServer, an authenticated web user can pipe commands directly to the underlying operating system as user input is not sanitized in networkdiags.php...
CVE-2018-18879
CVE-2018-18879 concerns the Columbia Weather MicroServer firmware (MS_2.6.9900 and earlier) where an authenticated web user can pipe commands directly to the underlying OS because input in networkdiags.php is not sanitized. This is a code injection vulnerability with a CVSS v3 base score of 9.8 (...