Iteris Vantage Velocity Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Iteris Vantage Velocity Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2020-9020 — CVSS 9.8 (critical): Iteris Vantage Velocity Field Unit 2.3.1, 2.4.2, and 3.0 devices allow the injection of OS commands into cgi-bin/timeconfig.py via shell…
CVE-2020-9023 — CVSS 9.8 (critical): Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have two users that are not documented and are configured with weak passwords…
CVE-2020-9024 — CVSS 9.8 (critical): Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have world-writable permissions for the /root/cleardata.pl (executed as root by…
CVE-2020-9025 — CVSS 6.1 (medium): Iteris Vantage Velocity Field Unit 2.4.2 devices have multiple stored XSS issues in all parameters of the Start Data Viewer feature of the…