← Back

CVE-2017-16786

nvd nist
Published: Dec 19, 2017Modified: May 13, 2026

JSON object

Loading...
6.5
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.8 / Impact: 3.6
Source: NVD

Description

The Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with certain privileges to read arbitrary files via (1) the ntpclientcounterlogfile parameter to cgi-bin/mainv2 or (2) vectors involving curl support of the "file" schema in the firmware update functionality.

Affected (1)

Meinbergglobal
1 product
Lantime Firmware
Configuration A
1 vulnerable · 9 platform
Vulnerable SoftwareAffected Versions
Lantime Firmware
Up to 6.24.003
Running on/withPlatform Versions
Meinbergglobal
Lantime M100
All versions
Meinbergglobal
Lantime M1000
All versions
Meinbergglobal
Lantime M200
All versions
Meinbergglobal
Lantime M300
All versions
Meinbergglobal
Lantime M3000
All versions
Meinbergglobal
Lantime M400
All versions
Meinbergglobal
Lantime M500
All versions
Meinbergglobal
Lantime M600
All versions
Meinbergglobal
Lantime M900
All versions

Related CWEs

CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

Source: cve@mitre.org
Issue TrackingThird Party AdvisoryVDB Entry
Source: cve@mitre.org
Issue TrackingMailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingMailing ListThird Party Advisory

Timeline

No history available yet.