Search
Search Results (7 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-46903 | 1 Meinbergglobal | 1 Lantime Firmware | 2025-06-17 | 6.5 Medium |
| An issue was discovered in LTOS-Web-Interface in Meinberg LANTIME-Firmware before 6.24.029 MBGID-9343 and 7 before 7.04.008 MBGID-6303. An admin can delete required user accounts (in violation of expected access control). | ||||
| CVE-2021-46902 | 1 Meinbergglobal | 1 Lantime Firmware | 2025-06-17 | 7.2 High |
| An issue was discovered in LTOS-Web-Interface in Meinberg LANTIME-Firmware before 6.24.029 MBGID-9343 and 7 before 7.04.008 MBGID-6303. Path validation is mishandled, and thus an admin can read or delete files in violation of expected access controls. | ||||
| CVE-2017-16788 | 1 Meinbergglobal | 2 Lantime, Lantime Firmware | 2025-04-20 | N/A |
| Directory traversal vulnerability in the "Upload Groupkey" functionality in the Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with Admin-User access to write to arbitrary files and consequently gain root privileges by uploading a file, as demonstrated by storing a file in the cron.d directory. | ||||
| CVE-2017-16787 | 1 Meinbergglobal | 2 Lantime, Lantime Firmware | 2025-04-20 | N/A |
| The Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote attackers to read arbitrary files by leveraging failure to restrict URL access. | ||||
| CVE-2017-16786 | 1 Meinbergglobal | 10 Lantime Firmware, Lantime M100, Lantime M1000 and 7 more | 2025-04-20 | N/A |
| The Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with certain privileges to read arbitrary files via (1) the ntpclientcounterlogfile parameter to cgi-bin/mainv2 or (2) vectors involving curl support of the "file" schema in the firmware update functionality. | ||||
| CVE-2023-1731 | 1 Meinbergglobal | 7 Lantime Firmware, Lantime M100, Lantime M200 and 4 more | 2025-02-04 | 7.2 High |
| In Meinbergs LTOS versions prior to V7.06.013, the configuration file upload function would not correctly validate the input, which would allow an remote authenticated attacker with high privileges to execute arbitrary commands. | ||||
| CVE-2020-7240 | 1 Meinbergglobal | 4 Lantime M1000, Lantime M1000 Firmware, Lantime M300 and 1 more | 2024-11-21 | 8.8 High |
| Meinberg Lantime M300 and M1000 devices allow attackers (with privileges to configure a device) to execute arbitrary OS commands by editing the /config/netconf.cmd script (aka Extended Network Configuration). Note: According to the description, the vulnerability requires a fully authenticated super-user account using a webUI function that allows super users to edit a script supposed to execute OS commands. The given weakness enumeration (CWE-78) is not applicable in this case as it refers to abusing functions/input fields not supposed to be accepting OS commands by using 'Special Elements. | ||||
Page 1 of 1.