CVE-2023-1731

Published: Apr 24, 2023Modified: Nov 21, 2024

7.2

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: info@cert.vde.com (Secondary)

Description

In Meinbergs LTOS versions prior to V7.06.013, the configuration file upload function would not correctly validate the input, which would allow an remote authenticated attacker with high privileges to execute arbitrary commands.

Affected (1)

Products: Meinbergglobal: Lantime Firmware

Meinbergglobal

1 product

Lantime Firmware

Configuration A

1 vulnerable · 6 platform

Vulnerable Software	Affected Versions
Meinbergglobal Lantime Firmware	Before 7.06.013

Running on/with	Platform Versions
Meinbergglobal Lantime M100	All versions
Meinbergglobal Lantime M200	All versions
Meinbergglobal Lantime M300	All versions
Meinbergglobal Lantime M400	All versions
Meinbergglobal Lantime M600	All versions
Meinbergglobal Lantime M900	All versions

Related CWEs

CWE-434

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (2)

https://www.meinbergglobal.com/english/news/meinberg-security-advisory-mbgsa-2023-02-lantime-firmware-v7-06-013.htm

Source: info@cert.vde.com

Vendor Advisory

https://www.meinbergglobal.com/english/news/meinberg-security-advisory-mbgsa-2023-02-lantime-firmware-v7-06-013.htm

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.