An unused webshell in MicroServer allows unlimited login attempts, with sudo rights on certain files and directories. An attacker with admin access to MicroServer can gain limited shell access, enabling persistence through reverse shells, and the ability to modify or remove data stored in the file system.
oryginał ENCVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XColumbiaweather Weather Microserver
HWColumbiaweatherwszystkie wersjeColumbiaweather Weather Microserver Firmware
OSColumbiaweather< MS_4.1_14142
Powiązane podatności
An unused function in MicroServer can start a reverse SSH connection to a vendor registered domain, without mu...
In firmware version MS_2.6.9900 of Columbia Weather MicroServer, an authenticated web user can access an alter...
In firmware version MS_2.6.9900 of Columbia Weather MicroServer, the BACnet daemon does not properly validate ...
In firmware version MS_2.6.9900 of Columbia Weather MicroServer, an authenticated web user can pipe commands d...
In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a readouts_rd.php directory traversal issue m...