Vulnerabilities (CVE)

Filtered by vendor Meinbergglobal Subscribe
Filtered by product Lantime
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-16788 1 Meinbergglobal 2 Lantime, Lantime Firmware 2024-11-21 9.0 HIGH 7.2 HIGH
Directory traversal vulnerability in the "Upload Groupkey" functionality in the Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with Admin-User access to write to arbitrary files and consequently gain root privileges by uploading a file, as demonstrated by storing a file in the cron.d directory.
CVE-2017-16787 1 Meinbergglobal 2 Lantime, Lantime Firmware 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
The Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote attackers to read arbitrary files by leveraging failure to restrict URL access.