RSS   Vulnerabilities for 'Lantime firmware'   RSS

2017-12-19
 
CVE-2017-16786

CWE-200
 

 
The Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with certain privileges to read arbitrary files via (1) the ntpclientcounterlogfile parameter to cgi-bin/mainv2 or (2) vectors involving curl support of the "file" schema in the firmware update functionality.

 


Copyright 2019, cxsecurity.com

 

Back to Top