Command Injection Vulnerability in Columbia Weather MicroServer Firmware Version MS_2.6.9900
CVE-2018-18879 · MEDIUM Severity
AV:N/AC:L/AU:S/C:P/I:P/A:P
In firmware version MS_2.6.9900 of Columbia Weather MicroServer, an authenticated web user can pipe commands directly to the underlying operating system as user input is not sanitized in networkdiags.php.
Learn more about our Web App Pen Testing.