16 matches found
EUVD-2020-29854
Malware in sbrugna...
CVE-2020-9020
Iteris Vantage Velocity Field Unit 2.3.1, 2.4.2, and 3.0 devices allow the injection of OS commands into cgi-bin/timeconfig.py via shell metacharacters in the NTP Server field...
Iteris Vantage Velocity Field Unit Operating System Command Injection Vulnerability
The Iteris Vantage Velocity Field Unit is a road monitoring field unit from Iteris USA. An operating system command injection vulnerability exists in the Iteris Vantage Velocity Field Unit versions 2.3.1, 2.4.2, and 3.0. An attacker exploits the vulnerability to execute commands via NTP Server...
CVE-2020-9025
Iteris Vantage Velocity Field Unit 2.4.2 devices have multiple stored XSS issues in all parameters of the Start Data Viewer feature of the /cgi-bin/loaddata.py script...
CVE-2020-9024
Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have world-writable permissions for the /root/cleardata.pl executed as root by crond and /root/loadperl.sh executed as root at boot time scripts...
CVE-2020-9025
Iteris Vantage Velocity Field Unit 2.4.2 devices have multiple stored XSS issues in all parameters of the Start Data Viewer feature of the /cgi-bin/loaddata.py script...
CVE-2020-9023
Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have two users that are not documented and are configured with weak passwords User bluetooth, password bluetooth; User eclipse, password eclipse. Also, bluetooth is the root password...
CVE-2020-9020
Iteris Vantage Velocity Field Unit 2.3.1, 2.4.2, and 3.0 devices allow the injection of OS commands into cgi-bin/timeconfig.py via shell metacharacters in the NTP Server field...
CVE-2020-9020
Iteris Vantage Velocity Field Unit 2.3.1, 2.4.2, and 3.0 devices allow the injection of OS commands into cgi-bin/timeconfig.py via shell metacharacters in the NTP Server field...
Design/Logic Flaw
Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have world-writable permissions for the /root/cleardata.pl executed as root by crond and /root/loadperl.sh executed as root at boot time scripts...
Default credentials
Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have two users that are not documented and are configured with weak passwords User bluetooth, password bluetooth; User eclipse, password eclipse. Also, bluetooth is the root password...
CVE-2020-9020
CVE-2020-9020 affects Iteris Vantage Velocity Field Unit firmware versions 2.3.1, 2.4.2, and 3.0. The root cause is an OS command injection via shell metacharacters entered in the NTP Server field processed by the CGI script cgi-bin/timeconfig.py. This could enable remote command execution with h...
CVE-2020-9020
Iteris Vantage Velocity Field Unit 2.3.1, 2.4.2, and 3.0 devices allow the injection of OS commands into cgi-bin/timeconfig.py via shell metacharacters in the NTP Server field...
CVE-2020-9023
Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have two users that are not documented and are configured with weak passwords User bluetooth, password bluetooth; User eclipse, password eclipse. Also, bluetooth is the root password...
CVE-2020-9024
The CVE concerns Iteris Vantage Velocity Field Unit, versions 2.3.1 and 2.4.2. The underlying issue is world-writable permissions on two scripts: /root/cleardata.pl (executed as root by crond) and /root/loadperl.sh (executed as root at boot). This improper permissions setup can allow unauthorized...
CVE-2020-9025
Iteris Vantage Velocity Field Unit 2.4.2 devices have multiple stored XSS issues in all parameters of the Start Data Viewer feature of the /cgi-bin/loaddata.py script...