Vulnerabilities > Columbiaweather > Weather Microserver Firmware > High

DATE	CVE	VULNERABILITY TITLE	RISK
2019-06-18	CVE-2018-18878	Improper Input Validation vulnerability in Columbiaweather Weather Microserver Firmware Ms2.6.9900 In firmware version MS_2.6.9900 of Columbia Weather MicroServer, the BACnet daemon does not properly validate input, which could allow a remote attacker to send specially crafted packets causing the device to become unavailable. network low complexity columbiaweather CWE-20	7.5
2019-06-18	CVE-2018-18877	Improper Authentication vulnerability in Columbiaweather Weather Microserver Firmware Ms2.6.9900 In firmware version MS_2.6.9900 of Columbia Weather MicroServer, an authenticated web user can access an alternative configuration page config_main.php that allows manipulation of the device. network low complexity columbiaweather CWE-287	8.8
2019-06-18	CVE-2018-18879	Code Injection vulnerability in Columbiaweather Weather Microserver Firmware Ms2.6.9900 In firmware version MS_2.6.9900 of Columbia Weather MicroServer, an authenticated web user can pipe commands directly to the underlying operating system as user input is not sanitized in networkdiags.php. network low complexity columbiaweather CWE-94	8.8

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.