Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Meinbergglobal Subscribe
Filtered by product Lantime M1000
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-7240 1 Meinbergglobal 4 Lantime M1000, Lantime M1000 Firmware, Lantime M300 and 1 more 2020-02-05 9.0 HIGH 8.8 HIGH
** DISPUTED ** Meinberg Lantime M300 and M1000 devices allow attackers (with privileges to configure a device) to execute arbitrary OS commands by editing the /config/netconf.cmd script (aka Extended Network Configuration). Note: According to the description, the vulnerability requires a fully authenticated super-user account using a webUI function that allows super users to edit a script supposed to execute OS commands. The given weakness enumeration (CWE-78) is not applicable in this case as it refers to abusing functions/input fields not supposed to be accepting OS commands by using 'Special Elements.'
CVE-2017-16786 1 Meinbergglobal 10 Lantime Firmware, Lantime M100, Lantime M1000 and 7 more 2018-01-08 6.8 MEDIUM 6.5 MEDIUM
The Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with certain privileges to read arbitrary files via (1) the ntpclientcounterlogfile parameter to cgi-bin/mainv2 or (2) vectors involving curl support of the "file" schema in the firmware update functionality.