Meinbergglobal: >> Lantime Firmware >> 6.24.006 Security Vulnerabilities
An issue was discovered in LTOS-Web-Interface in Meinberg LANTIME-Firmware before 6.24.029 MBGID-9343 and 7 before 7.04.008 MBGID-6303. Path validation is mishandled, and thus an admin can read or delete files in violation of expected access controls.
CVSS Score
7.2
EPSS Score
0.004
Published
2024-02-04
An issue was discovered in LTOS-Web-Interface in Meinberg LANTIME-Firmware before 6.24.029 MBGID-9343 and 7 before 7.04.008 MBGID-6303. An admin can delete required user accounts (in violation of expected access control).
CVSS Score
6.5
EPSS Score
0.001
Published
2024-02-04
In Meinbergs LTOS versions prior to V7.06.013, the configuration file upload function would not correctly validate the input, which would allow an remote authenticated attacker with high privileges to execute arbitrary commands.
CVSS Score
7.2
EPSS Score
0.002
Published
2023-04-24