Vulnerabilities > Columbiaweather > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-06-18 | CVE-2018-18878 | Improper Input Validation vulnerability in Columbiaweather Weather Microserver Firmware Ms2.6.9900 In firmware version MS_2.6.9900 of Columbia Weather MicroServer, the BACnet daemon does not properly validate input, which could allow a remote attacker to send specially crafted packets causing the device to become unavailable. | 7.5 |
| 2019-06-18 | CVE-2018-18877 | Improper Authentication vulnerability in Columbiaweather Weather Microserver Firmware Ms2.6.9900 In firmware version MS_2.6.9900 of Columbia Weather MicroServer, an authenticated web user can access an alternative configuration page config_main.php that allows manipulation of the device. | 8.8 |
| 2019-06-18 | CVE-2018-18879 | Code Injection vulnerability in Columbiaweather Weather Microserver Firmware Ms2.6.9900 In firmware version MS_2.6.9900 of Columbia Weather MicroServer, an authenticated web user can pipe commands directly to the underlying operating system as user input is not sanitized in networkdiags.php. | 8.8 |