Sensys Networks VSN240-F and VSN240-T sensors VDS before 2.10.1 and TrafficDOT before 2.10.3 do not verify the integrity of downloaded updates, which allows remote attackers to execute arbitrary code via a Trojan horse update.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-494,CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sensysnetworks | vds | 1.8.7 |
| sensysnetworks | trafficdot | 2.10.1 |
| sensysnetworks | vds | * |
| sensysnetworks | vds | 1.8.5 |
| sensysnetworks | vsn240-t | - |
| sensysnetworks | vsn240-f | - |
| sensysnetworks | trafficdot | 2.8.3 |
| sensysnetworks | trafficdot | 2.10.0 |
| sensysnetworks | vds | 2.6.4 |
| sensysnetworks | trafficdot | * |
| sensysnetworks | vds | 2.6.3 |
Sensys Networks VSN240-F and VSN240-T sensors VDS before 2.10.1 and TrafficDOT before 2.10.3 do not use encryption, which allows remote attackers to interfere with traffic control by replaying transmissions on a wireless network.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-311,CWE-310,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sensysnetworks | vds | 1.8.7 |
| sensysnetworks | trafficdot | 2.10.1 |
| sensysnetworks | vds | * |
| sensysnetworks | vds | 1.8.5 |
| sensysnetworks | vsn240-t | - |
| sensysnetworks | vsn240-f | - |
| sensysnetworks | trafficdot | 2.8.3 |
| sensysnetworks | trafficdot | 2.10.0 |
| sensysnetworks | vds | 2.6.4 |
| sensysnetworks | trafficdot | * |
| sensysnetworks | vds | 2.6.3 |