VYPR
Vendor

Iteris

Products
1
CVEs
4
Across products
4
Status
Private

Products

1

Recent CVEs

4
  • CVE-2020-9024CriFeb 17, 2020
    risk 0.64cvss 9.8epss 0.02

    Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have world-writable permissions for the /root/cleardata.pl (executed as root by crond) and /root/loadperl.sh (executed as root at boot time) scripts.

  • CVE-2020-9023CriFeb 17, 2020
    risk 0.64cvss 9.8epss 0.01

    Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have two users that are not documented and are configured with weak passwords (User bluetooth, password bluetooth; User eclipse, password eclipse). Also, bluetooth is the root password.

  • CVE-2020-9020CriFeb 17, 2020
    risk 0.64cvss 9.8epss 0.03

    Iteris Vantage Velocity Field Unit 2.3.1, 2.4.2, and 3.0 devices allow the injection of OS commands into cgi-bin/timeconfig.py via shell metacharacters in the NTP Server field.

  • CVE-2020-9025MedFeb 17, 2020
    risk 0.40cvss 6.1epss 0.01

    Iteris Vantage Velocity Field Unit 2.4.2 devices have multiple stored XSS issues in all parameters of the Start Data Viewer feature of the /cgi-bin/loaddata.py script.