Show filters
12 Total Results
Displaying 1-10 of 12
Sort by:
Attacker Value
Unknown
CVE-2021-46903
Disclosure Date: February 04, 2024 (last updated February 13, 2024)
An issue was discovered in LTOS-Web-Interface in Meinberg LANTIME-Firmware before 6.24.029 MBGID-9343 and 7 before 7.04.008 MBGID-6303. An admin can delete required user accounts (in violation of expected access control).
0
Attacker Value
Unknown
CVE-2021-46902
Disclosure Date: February 04, 2024 (last updated February 13, 2024)
An issue was discovered in LTOS-Web-Interface in Meinberg LANTIME-Firmware before 6.24.029 MBGID-9343 and 7 before 7.04.008 MBGID-6303. Path validation is mishandled, and thus an admin can read or delete files in violation of expected access controls.
0
Attacker Value
Unknown
CVE-2023-1731
Disclosure Date: April 24, 2023 (last updated October 08, 2023)
In Meinbergs LTOS versions prior to V7.06.013, the configuration file upload function would not correctly validate the input, which would allow an remote authenticated attacker with high privileges to execute arbitrary commands.
0
Attacker Value
Unknown
CVE-2020-7240
Disclosure Date: January 20, 2020 (last updated February 21, 2025)
Meinberg Lantime M300 and M1000 devices allow attackers (with privileges to configure a device) to execute arbitrary OS commands by editing the /config/netconf.cmd script (aka Extended Network Configuration). Note: According to the description, the vulnerability requires a fully authenticated super-user account using a webUI function that allows super users to edit a script supposed to execute OS commands. The given weakness enumeration (CWE-78) is not applicable in this case as it refers to abusing functions/input fields not supposed to be accepting OS commands by using 'Special Elements.
0
Attacker Value
Unknown
CVE-2019-17584
Disclosure Date: March 28, 2019 (last updated November 27, 2024)
The Meinberg SyncBox/PTP/PTPv2 devices have default SSH keys which allow attackers to get root access to the devices. All firmware versions up to v5.34o, v5.34s, v5.32* or 5.34g are affected. The private key is also used in an internal interface of another Meinberg Device and can be extracted from a firmware update of this device. An update to fix the vulnerability was published by the vendor.
0
Attacker Value
Unknown
CVE-2017-16786
Disclosure Date: December 19, 2017 (last updated November 26, 2024)
The Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with certain privileges to read arbitrary files via (1) the ntpclientcounterlogfile parameter to cgi-bin/mainv2 or (2) vectors involving curl support of the "file" schema in the firmware update functionality.
0
Attacker Value
Unknown
CVE-2017-16787
Disclosure Date: December 15, 2017 (last updated November 26, 2024)
The Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote attackers to read arbitrary files by leveraging failure to restrict URL access.
0
Attacker Value
Unknown
CVE-2017-16788
Disclosure Date: December 15, 2017 (last updated November 26, 2024)
Directory traversal vulnerability in the "Upload Groupkey" functionality in the Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with Admin-User access to write to arbitrary files and consequently gain root privileges by uploading a file, as demonstrated by storing a file in the cron.d directory.
0
Attacker Value
Unknown
CVE-2016-3988
Disclosure Date: July 03, 2016 (last updated November 25, 2024)
Multiple stack-based buffer overflows in the NTP time-server interface on Meinberg IMS-LANTIME M3000, IMS-LANTIME M1000, IMS-LANTIME M500, LANTIME M900, LANTIME M600, LANTIME M400, LANTIME M300, LANTIME M200, LANTIME M100, SyncFire 1100, and LCES devices with firmware before 6.20.004 allow remote attackers to obtain sensitive information, modify data, or cause a denial of service via a crafted parameter in a POST request.
0
Attacker Value
Unknown
CVE-2016-3962
Disclosure Date: July 03, 2016 (last updated November 25, 2024)
Stack-based buffer overflow in the NTP time-server interface on Meinberg IMS-LANTIME M3000, IMS-LANTIME M1000, IMS-LANTIME M500, LANTIME M900, LANTIME M600, LANTIME M400, LANTIME M300, LANTIME M200, LANTIME M100, SyncFire 1100, and LCES devices with firmware before 6.20.004 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via a crafted parameter in a POST request.
0