HIGH🇬🇧 English

CVE-2025-66620

CVSS 8.6v4.0pub. 2026-01-07upd. 2026-01-22

An unused webshell in MicroServer allows unlimited login attempts, with sudo rights on certain files and directories. An attacker with admin access to MicroServer can gain limited shell access, enabling persistence through reverse shells, and the ability to modify or remove data stored in the file system.

oryginał EN
CVSS Vector
CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Columbiaweather Weather Microserver

    HW
    Columbiaweather
    wszystkie wersje
  • Columbiaweather Weather Microserver Firmware

    OS
    Columbiaweather
    < MS_4.1_14142
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2025-61939HIGH8.7ten sam produkt

An unused function in MicroServer can start a reverse SSH connection to a vendor registered domain, without mu...

CVE-2018-18877HIGH8.8ten sam produkt

In firmware version MS_2.6.9900 of Columbia Weather MicroServer, an authenticated web user can access an alter...

CVE-2018-18878HIGH7.5ten sam produkt

In firmware version MS_2.6.9900 of Columbia Weather MicroServer, the BACnet daemon does not properly validate ...

CVE-2018-18879HIGH8.8ten sam produkt

In firmware version MS_2.6.9900 of Columbia Weather MicroServer, an authenticated web user can pipe commands d...

CVE-2018-18876MEDIUM5.3ten sam produkt

In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a readouts_rd.php directory traversal issue m...