Description
The Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with certain privileges to read arbitrary files via (1) the ntpclientcounterlogfile parameter to cgi-bin/mainv2 or (2) vectors involving curl support of the "file" schema in the firmware update functionality.
References
- Issue Tracking, Third Party Advisory, VDB Entry
- Issue Tracking, Mailing List, Third Party Advisory
- Issue Tracking, Third Party Advisory, VDB Entry
- Issue Tracking, Mailing List, Third Party Advisory
Vulnerable configurations
Configuration 1: versions up to and including 6.24.003
All of
cpe:2.3:o:meinbergglobal:lantime_firmware:*:*:*:*:*:*:*:*
One of
cpe:2.3:h:meinbergglobal:lantime_m100:-:*:*:*:*:*:*:*
cpe:2.3:h:meinbergglobal:lantime_m1000:-:*:*:*:*:*:*:*
cpe:2.3:h:meinbergglobal:lantime_m200:-:*:*:*:*:*:*:*
cpe:2.3:h:meinbergglobal:lantime_m300:-:*:*:*:*:*:*:*
cpe:2.3:h:meinbergglobal:lantime_m3000:-:*:*:*:*:*:*:*
cpe:2.3:h:meinbergglobal:lantime_m400:-:*:*:*:*:*:*:*
cpe:2.3:h:meinbergglobal:lantime_m500:-:*:*:*:*:*:*:*
cpe:2.3:h:meinbergglobal:lantime_m600:-:*:*:*:*:*:*:*
cpe:2.3:h:meinbergglobal:lantime_m900:-:*:*:*:*:*:*:*
EPSS: 0.00304 (Low), percentile: 53%
CVSS3: 6.5 Medium
CVSS2: 6.8 Medium
Weaknesses
CWE-200
Related vulnerabilities
CVSS3: 6.5
github
more than 3 years ago
The Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with certain privileges to read arbitrary files via (1) the ntpclientcounterlogfile parameter to cgi-bin/mainv2 or (2) vectors involving curl support of the "file" schema in the firmware update functionality.