Lucene search
K

11 matches found

Cvelist
Cvelist
added 2026/01/07 8:8 p.m.23 views

CVE-2025-66620 Columbia Weather Systems MicroServer Command Shell in Externally Accessible Directory

An unused webshell in MicroServer allows unlimited login attempts, with sudo rights on certain files and directories. An attacker with admin access to MicroServer can gain limited shell access, enabling persistence through reverse shells, and the ability to modify or remove data stored in the fil...

8.6CVSS0.00415EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/07 8:2 p.m.5 views

CVE-2025-64305 Columbia Weather Systems MicroServer Cleartext Storage in a File or on Disk

MicroServer copies parts of the system firmware to an unencrypted external SD card on boot, which contains user and vendor secrets. An attacker can utilize these plaintext secrets to modify the vendor firmware, or gain admin access to the web portal...

7.1CVSS6.7AI score0.00144EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/07 12:0 a.m.4 views

Columbia Weather Systems MicroServer 安全漏洞

Columbia Weather Systems MicroServer is a weather data server from Columbia Weather Systems, USA. A security vulnerability exists in Columbia Weather Systems MicroServer that originates when portions of the system firmware are copied to an unencrypted external SD card, potentially resulting in th...

7.1CVSS6.8AI score0.00144EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/07 12:0 a.m.4 views

Columbia Weather Systems MicroServer 安全漏洞

Columbia Weather Systems MicroServer is a weather data server from Columbia Weather Systems, USA. A security vulnerability exists in Columbia Weather Systems MicroServer that stems from an unused webshell that allows unlimited login attempts, which could result in limited shell access being gaine...

8.6CVSS6.7AI score0.00415EPSS
Exploits0References2
ICS
ICS
added 2026/01/06 7:0 a.m.8 views

Columbia Weather Systems MicroServer

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to redirect the SSH connection to an attacker controlled device, gain admin access to the web portal, and gain limited shell access. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to...

8.8CVSS6.6AI score0.00241EPSS
Exploits0References11
CNVD
CNVD
added 2019/03/20 12:0 a.m.1 views

Columbia Weather Systems Weather MicroServer Cross-Site Scripting Vulnerability (CNVD-2019-07785)

Columbia Weather Systems Weather MicroServer is a weather monitoring device from Columbia Weather Systems, USA. A cross-site scripting vulnerability exists in Columbia Weather Systems Weather MicroServer MS2.6.9900 and prior versions, which stems from the program failing to properly validate inpu...

5.4CVSS6.7AI score0.00926EPSS
Exploits0References1
CNVD
CNVD
added 2019/03/20 12:0 a.m.1 views

Columbia Weather Systems Weather MicroServer Path Traversal Vulnerability

Columbia Weather Systems Weather MicroServer is a weather monitoring device from Columbia Weather Systems, USA. A path traversal vulnerability exists in Columbia Weather Systems Weather MicroServer MS2.6.9900 and earlier versions. An attacker can use this vulnerability to read files in the...

5.3CVSS6.8AI score0.02371EPSS
Exploits0References1
CNVD
CNVD
added 2019/03/20 12:0 a.m.2 views

Columbia Weather Systems Weather MicroServer Unauthorized Access Vulnerability

Columbia Weather Systems Weather MicroServer is a weather monitoring device from Columbia Weather Systems, USA. An authorized access vulnerability exists in Columbia Weather Systems Weather MicroServer MS2.6.9900 and earlier versions. An attacker could use this vulnerability to bypass...

8.8CVSS6.7AI score0.01706EPSS
Exploits0References1
CNVD
CNVD
added 2019/03/20 12:0 a.m.3 views

Columbia Weather Systems Weather MicroServer Cross-Site Scripting Vulnerability

Columbia Weather Systems Weather MicroServer is a weather monitoring device from Columbia Weather Systems, USA. A cross-site scripting vulnerability exists in Columbia Weather Systems Weather MicroServer MS2.6.9900 and prior versions, which arises from the program failing to properly validate...

5.4CVSS6.5AI score0.00926EPSS
Exploits0References1
CNVD
CNVD
added 2019/03/20 12:0 a.m.2 views

Columbia Weather Systems Weather MicroServer Input Validation Vulnerability

Columbia Weather Systems Weather MicroServer is a weather monitoring device from Columbia Weather Systems, USA. An input validation vulnerability exists in Columbia Weather Systems Weather MicroServer MS2.6.9900 and prior versions. An attacker can exploit this vulnerability with specially crafted...

7.8CVSS6.7AI score0.02889EPSS
Exploits0References1
ICS
ICS
added 2019/03/19 12:0 a.m.132 views

Columbia Weather Systems MicroServer

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Columbia Weather Systems, Inc. Equipment: Weather MicroServer Vulnerabilities: Cross-site Scripting, Path Traversal, Improper Authentication, Improper Input Validation, Code Injection 2. RISK...

8.8CVSS8AI score0.02889EPSS
Exploits0References5
Rows per page
Query Builder