HIGHπŸ‡΅πŸ‡± Wersja polska

CVE-2018-18878

CVSS 7.5v3.0pub. 2019-06-18upd. 2024-11-21

In firmware version MS_2.6.9900 of Columbia Weather MicroServer, the BACnet daemon does not properly validate input, which could allow a remote attacker to send specially crafted packets causing the device to become unavailable.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Columbiaweather Weather Microserver

    HW
    Columbiaweather
    wszystkie wersje
  • Columbiaweather Weather Microserver Firmware

    OS
    Columbiaweather
    ms_2.6.9900
πŸ”΅
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-66620HIGH8.6ten sam produkt

An unused webshell in MicroServer allows unlimited login attempts, with sudo rights on certain files and direc...

CVE-2025-61939HIGH8.7ten sam produkt

An unused function in MicroServer can start a reverse SSH connection to a vendor registered domain, without mu...

CVE-2018-18879HIGH8.8ten sam produkt

In firmware version MS_2.6.9900 of Columbia Weather MicroServer, an authenticated web user can pipe commands d...

CVE-2018-18877HIGH8.8ten sam produkt

In firmware version MS_2.6.9900 of Columbia Weather MicroServer, an authenticated web user can access an alter...

CVE-2018-18880MEDIUM5.4ten sam produkt

In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a networkdiags.php reflected Cross-site scrip...

CVE-2018-18878 β€” Columbiaweather β€” Weather Microserver β€” HIGH β€” CVSS 7.5 | CVEbaza.pl