Vulnerabilities > Iteris > Vantage Velocity Firmware > 3.0

DATE	CVE	VULNERABILITY TITLE	RISK
2020-02-17	CVE-2020-9020	OS Command Injection vulnerability in Iteris Vantage Velocity Firmware 2.3.1/2.4.2/3.0 Iteris Vantage Velocity Field Unit 2.3.1, 2.4.2, and 3.0 devices allow the injection of OS commands into cgi-bin/timeconfig.py via shell metacharacters in the NTP Server field. network low complexity iteris CWE-78 critical	9.8

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.