Vulnerabilities > Iteris
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2020-02-17 | CVE-2020-9025 | Cross-site Scripting vulnerability in Iteris Vantage Velocity Firmware 2.4.2 | Iteris Vantage Velocity Field Unit 2.4.2 devices have multiple stored XSS issues in all parameters of the Start Data Viewer feature of the /cgi-bin/loaddata.py script. | 6.1 |
2020-02-17 | CVE-2020-9024 | Incorrect Permission Assignment for Critical Resource vulnerability in Iteris Vantage Velocity Firmware 2.3.1/2.4.2 | Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have world-writable permissions for the /root/cleardata.pl (executed as root by crond) and /root/loadperl.sh (executed as root at boot time) scripts. | 9.8 |
2020-02-17 | CVE-2020-9023 | Weak Password Requirements vulnerability in Iteris Vantage Velocity Firmware 2.3.1/2.4.2 | Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have two users that are not documented and are configured with weak passwords (User bluetooth, password bluetooth; User eclipse, password eclipse). | 9.8 |
2020-02-17 | CVE-2020-9020 | OS Command Injection vulnerability in Iteris Vantage Velocity Firmware 2.3.1/2.4.2/3.0 | Iteris Vantage Velocity Field Unit 2.3.1, 2.4.2, and 3.0 devices allow the injection of OS commands into cgi-bin/timeconfig.py via shell metacharacters in the NTP Server field. | 9.8 |