PT-2019-9657 · Columbia Weather · Columbia Weather Microserver
John Elder
+1
·
Published
2019-06-18
·
Updated
2019-06-18
·
CVE-2018-18878
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Columbia Weather MicroServer version MS 2.6.9900
Description
The issue arises from the BACnet daemon's failure to properly validate input. This could allow a remote attacker to send specially crafted packets, potentially causing the device to become unavailable.
Recommendations
For version MS 2.6.9900, consider disabling the BACnet daemon until a patch is available to prevent potential exploitation.
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Columbia Weather Microserver