Vulnerabilities (CVE)

Filtered by vendor Columbiaweather Subscribe
Filtered by product Weather Microserver Firmware
Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-18880 1 Columbiaweather 2 Weather Microserver, Weather Microserver Firmware 2024-11-21 3.5 LOW 5.4 MEDIUM
In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a networkdiags.php reflected Cross-site scripting (XSS) vulnerability allows remote authenticated users to inject arbitrary web script.
CVE-2018-18879 1 Columbiaweather 2 Weather Microserver, Weather Microserver Firmware 2024-11-21 6.5 MEDIUM 8.8 HIGH
In firmware version MS_2.6.9900 of Columbia Weather MicroServer, an authenticated web user can pipe commands directly to the underlying operating system as user input is not sanitized in networkdiags.php.
CVE-2018-18878 1 Columbiaweather 2 Weather Microserver, Weather Microserver Firmware 2024-11-21 7.8 HIGH 7.5 HIGH
In firmware version MS_2.6.9900 of Columbia Weather MicroServer, the BACnet daemon does not properly validate input, which could allow a remote attacker to send specially crafted packets causing the device to become unavailable.
CVE-2018-18877 1 Columbiaweather 2 Weather Microserver, Weather Microserver Firmware 2024-11-21 6.5 MEDIUM 8.8 HIGH
In firmware version MS_2.6.9900 of Columbia Weather MicroServer, an authenticated web user can access an alternative configuration page config_main.php that allows manipulation of the device.
CVE-2018-18876 1 Columbiaweather 2 Weather Microserver, Weather Microserver Firmware 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a readouts_rd.php directory traversal issue makes it possible to read any file present on the underlying operating system.
CVE-2018-18875 1 Columbiaweather 2 Weather Microserver, Weather Microserver Firmware 2024-11-21 3.5 LOW 5.4 MEDIUM
In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a stored Cross-site scripting (XSS) vulnerability allows remote authenticated users to inject arbitrary web script via changestationname.php.