Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-16786 | 1 Meinbergglobal | 10 Lantime Firmware, Lantime M100, Lantime M1000 and 7 more | 2018-01-08 | 6.8 MEDIUM | 6.5 MEDIUM |
| The Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with certain privileges to read arbitrary files via (1) the ntpclientcounterlogfile parameter to cgi-bin/mainv2 or (2) vectors involving curl support of the "file" schema in the firmware update functionality. | |||||
| CVE-2017-16788 | 1 Meinbergglobal | 2 Lantime, Lantime Firmware | 2018-01-03 | 9.0 HIGH | 7.2 HIGH |
| Directory traversal vulnerability in the "Upload Groupkey" functionality in the Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with Admin-User access to write to arbitrary files and consequently gain root privileges by uploading a file, as demonstrated by storing a file in the cron.d directory. | |||||
| CVE-2017-16787 | 1 Meinbergglobal | 2 Lantime, Lantime Firmware | 2017-12-29 | 4.0 MEDIUM | 6.5 MEDIUM |
| The Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote attackers to read arbitrary files by leveraging failure to restrict URL access. | |||||