Title: Meinberg LANTIME Web Configuration Utility - Arbitrary File Read
Author: Jakub Palaczynski
Exploit tested on:
Meinberg LANTIME Web Configuration Utility 6.16.008
All LTOS6 firmware releases before 6.24.004
Arbitrary File Read:
It is possible to read an arbitrary file on the system with root permissions.
Proof of Concept:
An Info-User user is able to read any file on the system with root permissions.
A user with Admin-User access is able to read any file on the system via the
firmware update functionality. Curl accepts the "file" URL scheme, which reads
the named file from the local filesystem instead of fetching it over the
network. It is then possible to download /upload/update, which contains the
content of the requested file.
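Defensive illustration of the second instance (an added example, not part of the original advisory and not Meinberg's code or its actual fix): an update fetcher that allowlists the URL scheme before calling curl and also restricts curl itself with --proto and --proto-redir. The function names, the staging path argument and the choice of http/https as the permitted schemes are assumptions.

```shell
#!/bin/sh
# Added example: hypothetical update-fetch wrapper (names are assumptions).

# Return 0 only for an explicit http:// or https:// URL with a host part.
# Allowlisting the scheme (rather than blocking "file") also rejects
# FILE://, file:/etc/passwd, other curl protocols, and scheme-less input
# for which curl would otherwise guess a protocol.
is_allowed_update_url() {
    url=$1
    case $url in
        *[[:space:]]*|*[[:cntrl:]]*) return 1 ;;  # no whitespace/control chars
        *:*) ;;                                   # a scheme separator exists
        *) return 1 ;;                            # no scheme at all
    esac
    # URL schemes are case-insensitive, so compare in lower case.
    scheme=$(printf '%s' "${url%%:*}" | tr 'A-Z' 'a-z')
    rest=${url#*:}
    case $scheme in
        http|https) ;;
        *) return 1 ;;
    esac
    case $rest in
        ///*) return 1 ;;   # empty host, e.g. https:///etc/passwd
        //?*) return 0 ;;   # "//host..." authority form
        *) return 1 ;;
    esac
}

# Validate first, then have curl refuse every other protocol as well,
# including after a redirect, so a permitted URL cannot bounce to file://.
fetch_update() {
    url=$1
    dest=$2   # hypothetical staging path chosen by the caller
    is_allowed_update_url "$url" || {
        echo "rejected update URL" >&2
        return 1
    }
    curl --fail --silent --show-error \
         --proto '=http,https' --proto-redir '=http,https' \
         --max-redirs 3 --output "$dest" --url "$url"
}
```

The --proto restriction is the part that still holds if the string check is bypassed or removed, because curl then refuses the file scheme on its own.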