Weather Microserver Firmware Security Vulnerabilities and Issues — Weather Microserver Firmware CVE List

Lucene search

ColumbiaweatherWeather Microserver Firmware

6 matches found

CVE•added 2019/06/18 3:15 p.m.•49 views

CVE-2018-18876

In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a readouts_rd.php directory traversal issue makes it possible to read any file present on the underlying operating system.

5.3CVSS5.1AI score0.00136EPSS

CVE•added 2019/06/18 2:15 p.m.•45 views

CVE-2018-18879

In firmware version MS_2.6.9900 of Columbia Weather MicroServer, an authenticated web user can pipe commands directly to the underlying operating system as user input is not sanitized in networkdiags.php.

8.8CVSS8.6AI score0.00446EPSS

CVE•added 2019/06/18 2:15 p.m.•43 views

CVE-2018-18880

In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a networkdiags.php reflected Cross-site scripting (XSS) vulnerability allows remote authenticated users to inject arbitrary web script.

5.4CVSS5.1AI score0.00118EPSS

CVE•added 2019/06/18 3:15 p.m.•42 views

CVE-2018-18878

In firmware version MS_2.6.9900 of Columbia Weather MicroServer, the BACnet daemon does not properly validate input, which could allow a remote attacker to send specially crafted packets causing the device to become unavailable.

7.8CVSS7.4AI score0.01271EPSS

CVE•added 2019/06/18 3:15 p.m.•41 views

CVE-2018-18877

In firmware version MS_2.6.9900 of Columbia Weather MicroServer, an authenticated web user can access an alternative configuration page config_main.php that allows manipulation of the device.

8.8CVSS8.5AI score0.00186EPSS

CVE•added 2019/06/18 3:15 p.m.•39 views

CVE-2018-18875

In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a stored Cross-site scripting (XSS) vulnerability allows remote authenticated users to inject arbitrary web script via changestationname.php.

5.4CVSS5AI score0.00118EPSS