RSS   Podatności dla 'Weather microserver firmware'   RSS

2019-06-18
 
CVE-2018-18880

CWE-79
 

 
In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a networkdiags.php reflected Cross-site scripting (XSS) vulnerability allows remote authenticated users to inject arbitrary web script.

 
 
CVE-2018-18879

CWE-94
 

 
In firmware version MS_2.6.9900 of Columbia Weather MicroServer, an authenticated web user can pipe commands directly to the underlying operating system as user input is not sanitized in networkdiags.php.

 
 
CVE-2018-18878

CWE-20
 

 
In firmware version MS_2.6.9900 of Columbia Weather MicroServer, the BACnet daemon does not properly validate input, which could allow a remote attacker to send specially crafted packets causing the device to become unavailable.

 
 
CVE-2018-18877

CWE-287
 

 
In firmware version MS_2.6.9900 of Columbia Weather MicroServer, an authenticated web user can access an alternative configuration page config_main.php that allows manipulation of the device.

 
 
CVE-2018-18876

CWE-22
 

 
In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a readouts_rd.php directory traversal issue makes it possible to read any file present on the underlying operating system.

 
 
CVE-2018-18875

CWE-79
 

 
In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a stored Cross-site scripting (XSS) vulnerability allows remote authenticated users to inject arbitrary web script via changestationname.php.

 


Copyright 2024, cxsecurity.com

 

Back to Top