HIGHπŸ‡΅πŸ‡± Wersja polska

CVE-2025-66620

CVSS 8.6v4.0pub. 2026-01-07upd. 2026-01-22

An unused webshell in MicroServer allows unlimited login attempts, with sudo rights on certain files and directories. An attacker with admin access to MicroServer can gain limited shell access, enabling persistence through reverse shells, and the ability to modify or remove data stored in the file system.

CVSS Vector
CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Columbiaweather Weather Microserver

    HW
    Columbiaweather
    wszystkie wersje
  • Columbiaweather Weather Microserver Firmware

    OS
    Columbiaweather
    < MS_4.1_14142
πŸ”΅
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-61939HIGH8.7ten sam produkt

An unused function in MicroServer can start a reverse SSH connection to a vendor registered domain, without mu...

CVE-2018-18877HIGH8.8ten sam produkt

In firmware version MS_2.6.9900 of Columbia Weather MicroServer, an authenticated web user can access an alter...

CVE-2018-18878HIGH7.5ten sam produkt

In firmware version MS_2.6.9900 of Columbia Weather MicroServer, the BACnet daemon does not properly validate ...

CVE-2018-18879HIGH8.8ten sam produkt

In firmware version MS_2.6.9900 of Columbia Weather MicroServer, an authenticated web user can pipe commands d...

CVE-2018-18876MEDIUM5.3ten sam produkt

In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a readouts_rd.php directory traversal issue m...

CVE-2025-66620 β€” Columbiaweather β€” Weather Microserver β€” HIGH β€” CVSS 8.6 | CVEbaza.pl