CVE-2018-18876

Опубликовано: 18 июн. 2019

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a readouts_rd.php directory traversal issue makes it possible to read any file present on the underlying operating system.

Ссылки

https://applied-risk.com/labs/advisories
Third Party Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-19-078-02
Third Party Advisory
US Government Resource
https://applied-risk.com/labs/advisories
Third Party Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-19-078-02
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:columbiaweather:weather_microserver_firmware:ms_2.6.9900:*:*:*:*:*:*:*

cpe:2.3:h:columbiaweather:weather_microserver:-:*:*:*:*:*:*:*

EPSS

Процентиль: 34%

0.00136

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-fx6p-gh9h-77j8

github

больше 3 лет назад