PT-2019-9655 · Columbia Weather · Columbia Weather Microserver
Published
2019-06-18
·
Updated
2019-06-18
·
CVE-2018-18876
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Columbia Weather MicroServer version MS 2.6.9900
Description
A directory traversal issue in the readouts rd.php directory of Columbia Weather MicroServer's firmware allows an attacker to read any file present on the underlying operating system.
Recommendations
For version MS 2.6.9900, consider restricting access to the readouts rd.php directory until a patch is available. As a temporary workaround, limit the privileges of the underlying operating system to minimize the risk of exploitation.
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Columbia Weather Microserver