Lucene search
K

5 matches found

CNVD
CNVD
added 2020/02/18 12:0 a.m.3 views

An unspecified vulnerability exists in the Iteris Vantage Velocity Field Unit.

The Iteris Vantage Velocity Field Unit is a road monitoring field unit from Iteris USA. A security vulnerability exists in the Iteris Vantage Velocity Field Unit version 2.3.1 and 2.4.2, which originates from a program that assigns global writable privileges to the /root/cleardata.pl and...

10CVSS6.8AI score0.01843EPSS
Exploits1References1
OSV
OSV
added 2020/02/17 4:15 a.m.3 views

CVE-2020-9024

Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have world-writable permissions for the /root/cleardata.pl executed as root by crond and /root/loadperl.sh executed as root at boot time scripts...

9.8CVSS7.3AI score0.01843EPSS
Exploits1References1
Prion
Prion
added 2020/02/17 4:15 a.m.12 views

Design/Logic Flaw

Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have world-writable permissions for the /root/cleardata.pl executed as root by crond and /root/loadperl.sh executed as root at boot time scripts...

10CVSS9.5AI score0.01843EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2020/02/17 3:3 a.m.119 views

CVE-2020-9020

CVE-2020-9020 affects Iteris Vantage Velocity Field Unit firmware versions 2.3.1, 2.4.2, and 3.0. The root cause is an OS command injection via shell metacharacters entered in the NTP Server field processed by the CGI script cgi-bin/timeconfig.py. This could enable remote command execution with h...

10CVSS9.7AI score0.02535EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2020/02/17 3:3 a.m.95 views

CVE-2020-9025

CVE-2020-9025 affects Iteris Vantage Velocity Field Unit, version 2.4.2. The vulnerability is a class of stored XSS occurring in all parameters of the Start Data Viewer feature implemented by the /cgi-bin/loaddata.py script. The root cause is stated as a lack of proper validation of client-side d...

6.1CVSS6AI score0.00668EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder