Post Oak AWAM Bluetooth Field Device 7400v2.08.21.2018, 7800SD.2015.1.16, 2011.3, 7400v2.02.01.2019, and 7800SD.2012.12.5 is vulnerable to injections of operating system commands through timeconfig.py via shell metacharacters in the htmlNtpServer parameter.

Post Oak AWAM Bluetooth Reader Traffic System does not use a sufficient source of entropy for private keys, which makes it easier for man-in-the-middle attackers to spoof a device by predicting a key value.