Columbiaweather Weather Microserver Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Columbiaweather Weather Microserver Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2018-18879 — CVSS 8.8 (high): In firmware version MS_2.6.9900 of Columbia Weather MicroServer, an authenticated web user can pipe commands directly to the underlying…
CVE-2025-61939 — CVSS 8.8 (high): An unused function in MicroServer can start a reverse SSH connection to a vendor registered domain, without mutual authentication. An…
CVE-2018-18877 — CVSS 8.8 (high): In firmware version MS_2.6.9900 of Columbia Weather MicroServer, an authenticated web user can access an alternative configuration page…
CVE-2025-66620 — CVSS 8.0 (high): An unused webshell in MicroServer allows unlimited login attempts, with sudo rights on certain files and directories. An attacker with…
CVE-2018-18878 — CVSS 7.5 (high): In firmware version MS_2.6.9900 of Columbia Weather MicroServer, the BACnet daemon does not properly validate input, which could allow a…
CVE-2018-18880 — CVSS 5.4 (medium): In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a networkdiags.php reflected Cross-site scripting (XSS) vulnerability…
CVE-2018-18875 — CVSS 5.4 (medium): In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a stored Cross-site scripting (XSS) vulnerability allows remote…
CVE-2018-18876 — CVSS 5.3 (medium): In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a readouts_rd.php directory traversal issue makes it possible to read any…