11 matches found
CVE-2025-66620 Columbia Weather Systems MicroServer Command Shell in Externally Accessible Directory
An unused webshell in MicroServer allows unlimited login attempts, with sudo rights on certain files and directories. An attacker with admin access to MicroServer can gain limited shell access, enabling persistence through reverse shells, and the ability to modify or remove data stored in the fil...
CVE-2025-64305 Columbia Weather Systems MicroServer Cleartext Storage in a File or on Disk
MicroServer copies parts of the system firmware to an unencrypted external SD card on boot, which contains user and vendor secrets. An attacker can utilize these plaintext secrets to modify the vendor firmware, or gain admin access to the web portal...
Columbia Weather Systems MicroServer 安全漏洞
Columbia Weather Systems MicroServer is a weather data server from Columbia Weather Systems, USA. A security vulnerability exists in Columbia Weather Systems MicroServer that originates when portions of the system firmware are copied to an unencrypted external SD card, potentially resulting in th...
Columbia Weather Systems MicroServer 安全漏洞
Columbia Weather Systems MicroServer is a weather data server from Columbia Weather Systems, USA. A security vulnerability exists in Columbia Weather Systems MicroServer that stems from an unused webshell that allows unlimited login attempts, which could result in limited shell access being gaine...
Columbia Weather Systems MicroServer
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to redirect the SSH connection to an attacker controlled device, gain admin access to the web portal, and gain limited shell access. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to...
Columbia Weather Systems Weather MicroServer Cross-Site Scripting Vulnerability (CNVD-2019-07785)
Columbia Weather Systems Weather MicroServer is a weather monitoring device from Columbia Weather Systems, USA. A cross-site scripting vulnerability exists in Columbia Weather Systems Weather MicroServer MS2.6.9900 and prior versions, which stems from the program failing to properly validate inpu...
Columbia Weather Systems Weather MicroServer Path Traversal Vulnerability
Columbia Weather Systems Weather MicroServer is a weather monitoring device from Columbia Weather Systems, USA. A path traversal vulnerability exists in Columbia Weather Systems Weather MicroServer MS2.6.9900 and earlier versions. An attacker can use this vulnerability to read files in the...
Columbia Weather Systems Weather MicroServer Unauthorized Access Vulnerability
Columbia Weather Systems Weather MicroServer is a weather monitoring device from Columbia Weather Systems, USA. An authorized access vulnerability exists in Columbia Weather Systems Weather MicroServer MS2.6.9900 and earlier versions. An attacker could use this vulnerability to bypass...
Columbia Weather Systems Weather MicroServer Cross-Site Scripting Vulnerability
Columbia Weather Systems Weather MicroServer is a weather monitoring device from Columbia Weather Systems, USA. A cross-site scripting vulnerability exists in Columbia Weather Systems Weather MicroServer MS2.6.9900 and prior versions, which arises from the program failing to properly validate...
Columbia Weather Systems Weather MicroServer Input Validation Vulnerability
Columbia Weather Systems Weather MicroServer is a weather monitoring device from Columbia Weather Systems, USA. An input validation vulnerability exists in Columbia Weather Systems Weather MicroServer MS2.6.9900 and prior versions. An attacker can exploit this vulnerability with specially crafted...
Columbia Weather Systems MicroServer
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Columbia Weather Systems, Inc. Equipment: Weather MicroServer Vulnerabilities: Cross-site Scripting, Path Traversal, Improper Authentication, Improper Input Validation, Code Injection 2. RISK...