MidnightBSD

Advisories for postoaktraffic

CVE-2012-4687 HIGH

Post Oak AWAM Bluetooth Reader Traffic System does not use a sufficient source of entropy for private keys, which makes it easier for man-in-the-middle attackers to spoof a device by predicting a key value.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-331,CWE-310,

Products Affected

Vendor Product Version
postoaktraffic awam_bluetooth_reader -
CVE-2020-9021 HIGH

Post Oak AWAM Bluetooth Field Device 7400v2.08.21.2018, 7800SD.2015.1.16, 2011.3, 7400v2.02.01.2019, and 7800SD.2012.12.5 is vulnerable to injections of operating system commands through timeconfig.py via shell metacharacters in the htmlNtpServer parameter.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
postoaktraffic awam_bluetooth_field_device_firmware 7800sd.2012.12.5
postoaktraffic awam_bluetooth_field_device_firmware 7800sd.2015.1.16
postoaktraffic awam_bluetooth_field_device_firmware 2011.3
postoaktraffic awam_bluetooth_field_device_firmware 7400v2.08.21.2018
postoaktraffic awam_bluetooth_field_device_firmware 7400v2.02.01.2019