Command Injection Vulnerability in Columbia Weather MicroServer Firmware Version MS_2.6.9900

Command Injection Vulnerability in Columbia Weather MicroServer Firmware Version MS_2.6.9900

CVE-2018-18879 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

In firmware version MS_2.6.9900 of Columbia Weather MicroServer, an authenticated web user can pipe commands directly to the underlying operating system as user input is not sanitized in networkdiags.php.

Learn more about our Web App Pen Testing.