Vulnerabilities > Columbiaweather

DATE	CVE	VULNERABILITY TITLE	RISK
2019-06-18	CVE-2018-18878	Improper Input Validation vulnerability in Columbiaweather Weather Microserver Firmware Ms2.6.9900 In firmware version MS_2.6.9900 of Columbia Weather MicroServer, the BACnet daemon does not properly validate input, which could allow a remote attacker to send specially crafted packets causing the device to become unavailable. network low complexity columbiaweather CWE-20	7.5
2019-06-18	CVE-2018-18877	Improper Authentication vulnerability in Columbiaweather Weather Microserver Firmware Ms2.6.9900 In firmware version MS_2.6.9900 of Columbia Weather MicroServer, an authenticated web user can access an alternative configuration page config_main.php that allows manipulation of the device. network low complexity columbiaweather CWE-287	8.8
2019-06-18	CVE-2018-18876	Path Traversal vulnerability in Columbiaweather Weather Microserver Firmware Ms2.6.9900 In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a readouts_rd.php directory traversal issue makes it possible to read any file present on the underlying operating system. network low complexity columbiaweather CWE-22	5.3
2019-06-18	CVE-2018-18875	Cross-site Scripting vulnerability in Columbiaweather Weather Microserver Firmware Ms2.6.9900 In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a stored Cross-site scripting (XSS) vulnerability allows remote authenticated users to inject arbitrary web script via changestationname.php. network low complexity columbiaweather CWE-79	5.4
2019-06-18	CVE-2018-18880	Cross-site Scripting vulnerability in Columbiaweather Weather Microserver Firmware Ms2.6.9900 In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a networkdiags.php reflected Cross-site scripting (XSS) vulnerability allows remote authenticated users to inject arbitrary web script. network low complexity columbiaweather CWE-79	5.4
2019-06-18	CVE-2018-18879	Code Injection vulnerability in Columbiaweather Weather Microserver Firmware Ms2.6.9900 In firmware version MS_2.6.9900 of Columbia Weather MicroServer, an authenticated web user can pipe commands directly to the underlying operating system as user input is not sanitized in networkdiags.php. network low complexity columbiaweather CWE-94	8.8

Vulnerabilities > Columbiaweather {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Columbiaweather"}]}

Vulnerabilities > Columbiaweather