Search
Find a vulnerability
Search criteria
3 vulnerabilities by postoaktraffic
VAR-202002-1338
Vulnerability from variot - Updated: 2025-01-30 19:56Post Oak AWAM Bluetooth Field Device 7400v2.08.21.2018, 7800SD.2015.1.16, 2011.3, 7400v2.02.01.2019, and 7800SD.2012.12.5 is vulnerable to injections of operating system commands through timeconfig.py via shell metacharacters in the htmlNtpServer parameter. (DoS) It may be put into a state. An attacker could use this vulnerability to gain root access to the device
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202002-1338",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "awam bluetooth field device",
"scope": "eq",
"trust": 1.0,
"vendor": "postoaktraffic",
"version": "2011.3"
},
{
"model": "awam bluetooth field device",
"scope": "eq",
"trust": 1.0,
"vendor": "postoaktraffic",
"version": "7400v2.08.21.2018"
},
{
"model": "awam bluetooth field device",
"scope": "eq",
"trust": 1.0,
"vendor": "postoaktraffic",
"version": "7800sd.2012.12.5"
},
{
"model": "awam bluetooth field device",
"scope": "eq",
"trust": 1.0,
"vendor": "postoaktraffic",
"version": "7400v2.02.01.2019"
},
{
"model": "awam bluetooth field device",
"scope": "eq",
"trust": 1.0,
"vendor": "postoaktraffic",
"version": "7800sd.2015.1.16"
},
{
"model": "awam bluetooth field device",
"scope": "eq",
"trust": 0.8,
"vendor": "post oak traffic",
"version": "2011.3"
},
{
"model": "awam bluetooth field device",
"scope": "eq",
"trust": 0.8,
"vendor": "post oak traffic",
"version": "7400v2.02.01.2019"
},
{
"model": "awam bluetooth field device",
"scope": "eq",
"trust": 0.8,
"vendor": "post oak traffic",
"version": "7400v2.08.21.2018"
},
{
"model": "awam bluetooth field device",
"scope": "eq",
"trust": 0.8,
"vendor": "post oak traffic",
"version": "7800sd.2012.12.5"
},
{
"model": "awam bluetooth field device",
"scope": "eq",
"trust": 0.8,
"vendor": "post oak traffic",
"version": "7800sd.2015.1.16"
},
{
"model": "oaktraffic systems awam bluetooth field device",
"scope": "eq",
"trust": 0.6,
"vendor": "post",
"version": "7400v2.08.21.2018"
},
{
"model": "oaktraffic systems awam bluetooth field device 7800sd.2015.1.16",
"scope": null,
"trust": 0.6,
"vendor": "post",
"version": null
},
{
"model": "oaktraffic systems awam bluetooth field device",
"scope": "eq",
"trust": 0.6,
"vendor": "post",
"version": "2011.3"
},
{
"model": "oaktraffic systems awam bluetooth field device",
"scope": "eq",
"trust": 0.6,
"vendor": "post",
"version": "7400v2.02.01.2019"
},
{
"model": "oaktraffic systems awam bluetooth field device 7800sd.2012.12.5",
"scope": null,
"trust": 0.6,
"vendor": "post",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-15562"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002108"
},
{
"db": "NVD",
"id": "CVE-2020-9021"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:postoaktraffic:awam_bluetooth_field_device_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-002108"
}
]
},
"cve": "CVE-2020-9021",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-9021",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2020-002108",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-15562",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-9021",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-002108",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-9021",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "JVNDB-2020-002108",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2020-15562",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202002-888",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-15562"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002108"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-888"
},
{
"db": "NVD",
"id": "CVE-2020-9021"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Post Oak AWAM Bluetooth Field Device 7400v2.08.21.2018, 7800SD.2015.1.16, 2011.3, 7400v2.02.01.2019, and 7800SD.2012.12.5 is vulnerable to injections of operating system commands through timeconfig.py via shell metacharacters in the htmlNtpServer parameter. (DoS) It may be put into a state. An attacker could use this vulnerability to gain root access to the device",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-9021"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002108"
},
{
"db": "CNVD",
"id": "CNVD-2020-15562"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-9021",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002108",
"trust": 0.8
},
{
"db": "SEEBUG",
"id": "SSVID-98138",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-98139",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2020-15562",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202002-888",
"trust": 0.6
},
{
"db": "OTHER",
"id": "NONE",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2020-15562"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002108"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-888"
},
{
"db": "NVD",
"id": "CVE-2020-9021"
}
]
},
"id": "VAR-202002-1338",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2020-15562"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"network device"
],
"sub_category": "bluetooth device",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2020-15562"
}
]
},
"last_update_date": "2025-01-30T19:56:12.976000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.postoaktraffic.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-002108"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-002108"
},
{
"db": "NVD",
"id": "CVE-2020-9021"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://sku11army.blogspot.com/2020/01/post-oak-traffic-systems-awam-bluetooth.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9021"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9021"
},
{
"trust": 0.6,
"url": "http://www.postoaktraffic.com/"
},
{
"trust": 0.6,
"url": "https://www.seebug.org/vuldb/ssvid-98138"
},
{
"trust": 0.6,
"url": "https://www.seebug.org/vuldb/ssvid-98139"
},
{
"trust": 0.6,
"url": "https://www.zoomeye.org/searchresult?q=%22%2fcgi-bin%2fawamconfig.py"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-udaya-testing-on-production-12345/"
},
{
"trust": 0.1,
"url": "https://ieeexplore.ieee.org/abstract/document/10769424"
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2020-15562"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002108"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-888"
},
{
"db": "NVD",
"id": "CVE-2020-9021"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2020-15562"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002108"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-888"
},
{
"db": "NVD",
"id": "CVE-2020-9021"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-15562"
},
{
"date": "2020-03-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-002108"
},
{
"date": "2020-02-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-888"
},
{
"date": "2020-02-17T04:15:10.780000",
"db": "NVD",
"id": "CVE-2020-9021"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-15562"
},
{
"date": "2020-03-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-002108"
},
{
"date": "2020-07-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-888"
},
{
"date": "2024-11-21T05:39:50.727000",
"db": "NVD",
"id": "CVE-2020-9021"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-888"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Post Oak AWAM Bluetooth Field Device In OS Command injection vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-002108"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-888"
}
],
"trust": 0.6
}
}
CVE-2012-4687 (GCVE-0-2012-4687)
Vulnerability from nvd – Published: 2012-12-08 15:00 – Updated: 2025-07-09 18:27
VLAI
EPSS
VEX
Title
Post Oak Bluetooth Traffic Systems Insufficient Entropy
Summary
Post Oak AWAM Bluetooth Reader Traffic System does not use a sufficient source of entropy for private keys, which makes it easier for man-in-the-middle attackers to spoof a device by predicting a key value.
Severity
No CVSS data available.
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.cisa.gov/news-events/ics-advisories/i… | |
| http://www.postoaktraffic.com/contact.aspx | |
| http://www.us-cert.gov/control_systems/pdf/ICSA-1… | x_refsource_MISCx_transferred |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Post Oak Traffic Systems | AWAM Bluetooth Reader Traffic System |
Affected:
All versions
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:42:54.990Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-335-01.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AWAM Bluetooth Reader Traffic System",
"vendor": "Post Oak Traffic Systems",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "research group composed of Nadia Heninger (University of California at San Diego), J. Alex Halderman, Zakir Durumeric, and Eric Wustrow (all from the University of Michigan)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePost Oak AWAM Bluetooth Reader Traffic System does not use a sufficient source of entropy for private keys, which makes it easier for man-in-the-middle attackers to spoof a device by predicting a key value.\u003c/p\u003e"
}
],
"value": "Post Oak AWAM Bluetooth Reader Traffic System does not use a sufficient source of entropy for private keys, which makes it easier for man-in-the-middle attackers to spoof a device by predicting a key value."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-331",
"description": "CWE-331",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-09T18:27:31.737Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-12-335-01"
},
{
"url": "http://www.postoaktraffic.com/contact.aspx"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Post Oak has developed a patch for the AWAM Bluetooth Reader Traffic \nSystem that mitigates the vulnerability. The patch allows the Bluetooth \nreader to ensure sufficient entropy exists before generating host and \nauthentication keys. The patch will be installed on all new devices when\n initially configured. Existing equipment will be patched by remote \naccess and upgraded to the latest firmware. System owners are encouraged\n to contact Post Oak Traffic Systems, \nsupport@postoaktraffic.com, (281) 381-2887. with questions patching their systems.\n\n\u003cbr\u003e"
}
],
"value": "Post Oak has developed a patch for the AWAM Bluetooth Reader Traffic \nSystem that mitigates the vulnerability. The patch allows the Bluetooth \nreader to ensure sufficient entropy exists before generating host and \nauthentication keys. The patch will be installed on all new devices when\n initially configured. Existing equipment will be patched by remote \naccess and upgraded to the latest firmware. System owners are encouraged\n to contact Post Oak Traffic Systems, \nsupport@postoaktraffic.com, (281) 381-2887. with questions patching their systems."
}
],
"source": {
"advisory": "ICSA-12-335-01",
"discovery": "EXTERNAL"
},
"title": "Post Oak Bluetooth Traffic Systems Insufficient Entropy",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2012-4687",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Post Oak AWAM Bluetooth Reader Traffic System does not use a sufficient source of entropy for private keys, which makes it easier for man-in-the-middle attackers to spoof a device by predicting a key value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-335-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-335-01.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2012-4687",
"datePublished": "2012-12-08T15:00:00.000Z",
"dateReserved": "2012-08-28T00:00:00.000Z",
"dateUpdated": "2025-07-09T18:27:31.737Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-4687 (GCVE-0-2012-4687)
Vulnerability from cvelistv5 – Published: 2012-12-08 15:00 – Updated: 2025-07-09 18:27
VLAI
EPSS
VEX
Title
Post Oak Bluetooth Traffic Systems Insufficient Entropy
Summary
Post Oak AWAM Bluetooth Reader Traffic System does not use a sufficient source of entropy for private keys, which makes it easier for man-in-the-middle attackers to spoof a device by predicting a key value.
Severity
No CVSS data available.
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.cisa.gov/news-events/ics-advisories/i… | |
| http://www.postoaktraffic.com/contact.aspx | |
| http://www.us-cert.gov/control_systems/pdf/ICSA-1… | x_refsource_MISCx_transferred |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Post Oak Traffic Systems | AWAM Bluetooth Reader Traffic System |
Affected:
All versions
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:42:54.990Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-335-01.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AWAM Bluetooth Reader Traffic System",
"vendor": "Post Oak Traffic Systems",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "research group composed of Nadia Heninger (University of California at San Diego), J. Alex Halderman, Zakir Durumeric, and Eric Wustrow (all from the University of Michigan)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePost Oak AWAM Bluetooth Reader Traffic System does not use a sufficient source of entropy for private keys, which makes it easier for man-in-the-middle attackers to spoof a device by predicting a key value.\u003c/p\u003e"
}
],
"value": "Post Oak AWAM Bluetooth Reader Traffic System does not use a sufficient source of entropy for private keys, which makes it easier for man-in-the-middle attackers to spoof a device by predicting a key value."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-331",
"description": "CWE-331",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-09T18:27:31.737Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-12-335-01"
},
{
"url": "http://www.postoaktraffic.com/contact.aspx"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Post Oak has developed a patch for the AWAM Bluetooth Reader Traffic \nSystem that mitigates the vulnerability. The patch allows the Bluetooth \nreader to ensure sufficient entropy exists before generating host and \nauthentication keys. The patch will be installed on all new devices when\n initially configured. Existing equipment will be patched by remote \naccess and upgraded to the latest firmware. System owners are encouraged\n to contact Post Oak Traffic Systems, \nsupport@postoaktraffic.com, (281) 381-2887. with questions patching their systems.\n\n\u003cbr\u003e"
}
],
"value": "Post Oak has developed a patch for the AWAM Bluetooth Reader Traffic \nSystem that mitigates the vulnerability. The patch allows the Bluetooth \nreader to ensure sufficient entropy exists before generating host and \nauthentication keys. The patch will be installed on all new devices when\n initially configured. Existing equipment will be patched by remote \naccess and upgraded to the latest firmware. System owners are encouraged\n to contact Post Oak Traffic Systems, \nsupport@postoaktraffic.com, (281) 381-2887. with questions patching their systems."
}
],
"source": {
"advisory": "ICSA-12-335-01",
"discovery": "EXTERNAL"
},
"title": "Post Oak Bluetooth Traffic Systems Insufficient Entropy",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2012-4687",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Post Oak AWAM Bluetooth Reader Traffic System does not use a sufficient source of entropy for private keys, which makes it easier for man-in-the-middle attackers to spoof a device by predicting a key value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-335-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-335-01.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2012-4687",
"datePublished": "2012-12-08T15:00:00.000Z",
"dateReserved": "2012-08-28T00:00:00.000Z",
"dateUpdated": "2025-07-09T18:27:31.737Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}