In firmware version MS_2.6.9900 of Columbia Weather MicroServer, an authenticated web user can pipe commands directly to the underlying operating system as user input is not sanitized in networkdiags.php.
oryginał ENCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HColumbiaweather Weather Microserver
HWColumbiaweatherwszystkie wersjeColumbiaweather Weather Microserver Firmware
OSColumbiaweatherms_2.6.9900
Powiązane podatności
An unused webshell in MicroServer allows unlimited login attempts, with sudo rights on certain files and direc...
An unused function in MicroServer can start a reverse SSH connection to a vendor registered domain, without mu...
In firmware version MS_2.6.9900 of Columbia Weather MicroServer, the BACnet daemon does not properly validate ...
In firmware version MS_2.6.9900 of Columbia Weather MicroServer, an authenticated web user can access an alter...
In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a networkdiags.php reflected Cross-site scrip...