Vulnerabilities > Iteris > Vantage Velocity Firmware > 2.3.1

DATE CVE VULNERABILITY TITLE RISK
2020-02-17 CVE-2020-9024 Incorrect Permission Assignment for Critical Resource vulnerability in Iteris Vantage Velocity Firmware 2.3.1/2.4.2
Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have world-writable permissions for the /root/cleardata.pl (executed as root by crond) and /root/loadperl.sh (executed as root at boot time) scripts.
network
low complexity
iteris CWE-732
critical
 9.8
9.8
2020-02-17 CVE-2020-9023 Weak Password Requirements vulnerability in Iteris Vantage Velocity Firmware 2.3.1/2.4.2
Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have two users that are not documented and are configured with weak passwords (User bluetooth, password bluetooth; User eclipse, password eclipse).
network
low complexity
iteris CWE-521
critical
 9.8
9.8
2020-02-17 CVE-2020-9020 OS Command Injection vulnerability in Iteris Vantage Velocity Firmware 2.3.1/2.4.2/3.0
Iteris Vantage Velocity Field Unit 2.3.1, 2.4.2, and 3.0 devices allow the injection of OS commands into cgi-bin/timeconfig.py via shell metacharacters in the NTP Server field.
network
low complexity
iteris CWE-78
critical
 9.8
9.8