Filtered by vendor Columbiaweather Subscriptions
Total 6 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2018-18880 1 Columbiaweather 2 Weather Microserver, Weather Microserver Firmware 2024-08-05 N/A
In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a networkdiags.php reflected Cross-site scripting (XSS) vulnerability allows remote authenticated users to inject arbitrary web script.
CVE-2018-18876 1 Columbiaweather 2 Weather Microserver, Weather Microserver Firmware 2024-08-05 N/A
In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a readouts_rd.php directory traversal issue makes it possible to read any file present on the underlying operating system.
CVE-2018-18875 1 Columbiaweather 2 Weather Microserver, Weather Microserver Firmware 2024-08-05 N/A
In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a stored Cross-site scripting (XSS) vulnerability allows remote authenticated users to inject arbitrary web script via changestationname.php.
CVE-2018-18877 1 Columbiaweather 2 Weather Microserver, Weather Microserver Firmware 2024-08-05 N/A
In firmware version MS_2.6.9900 of Columbia Weather MicroServer, an authenticated web user can access an alternative configuration page config_main.php that allows manipulation of the device.
CVE-2018-18878 1 Columbiaweather 2 Weather Microserver, Weather Microserver Firmware 2024-08-05 N/A
In firmware version MS_2.6.9900 of Columbia Weather MicroServer, the BACnet daemon does not properly validate input, which could allow a remote attacker to send specially crafted packets causing the device to become unavailable.
CVE-2018-18879 1 Columbiaweather 2 Weather Microserver, Weather Microserver Firmware 2024-08-05 N/A
In firmware version MS_2.6.9900 of Columbia Weather MicroServer, an authenticated web user can pipe commands directly to the underlying operating system as user input is not sanitized in networkdiags.php.