← Back

Lantime Firmware

lantime_firmware

Vendor: Meinbergglobal • 6 CVEs

CVEs (6)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2021-46903
1Meinbergglobal
1Lantime Firmware
Jun 17, 2025
Feb 4, 2024
N/A· v4
6.5 MEDIUM· v3
N/A· v2
An issue was discovered in LTOS-Web-Interface in Meinberg LANTIME-Firmware before 6.24.029 MBGID-9343 and 7 before 7.04.008 MBGID-6303. An admin can delete required user accounts (in violation of expected access control)...Show more
An issue was discovered in LTOS-Web-Interface in Meinberg LANTIME-Firmware before 6.24.029 MBGID-9343 and 7 before 7.04.008 MBGID-6303. An admin can delete required user accounts (in violation of expected access control).Show less
CVE-2021-46902
1Meinbergglobal
1Lantime Firmware
Jun 17, 2025
Feb 4, 2024
N/A· v4
7.2 HIGH· v3
N/A· v2
An issue was discovered in LTOS-Web-Interface in Meinberg LANTIME-Firmware before 6.24.029 MBGID-9343 and 7 before 7.04.008 MBGID-6303. Path validation is mishandled, and thus an admin can read or delete files in violati...Show more
An issue was discovered in LTOS-Web-Interface in Meinberg LANTIME-Firmware before 6.24.029 MBGID-9343 and 7 before 7.04.008 MBGID-6303. Path validation is mishandled, and thus an admin can read or delete files in violation of expected access controls.Show less
CVE-2023-1731
1Meinbergglobal
1Lantime Firmware
Nov 21, 2024
Apr 24, 2023
N/A· v4
7.2 HIGH· v3
N/A· v2
In Meinbergs LTOS versions prior to V7.06.013, the configuration file upload function would not correctly validate the input, which would allow an remote authenticated attacker with high privileges to execute arbitrary c...Show more
In Meinbergs LTOS versions prior to V7.06.013, the configuration file upload function would not correctly validate the input, which would allow an remote authenticated attacker with high privileges to execute arbitrary commands. Show less
CVE-2017-16786
1Meinbergglobal
1Lantime Firmware
May 13, 2026
Dec 19, 2017
N/A· v4
6.5 MEDIUM· v3
6.8 MEDIUM· v2
The Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with certain privileges to read arbitrary files via (1) the ntpclientcounterlogfile parameter to c...Show more
The Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with certain privileges to read arbitrary files via (1) the ntpclientcounterlogfile parameter to cgi-bin/mainv2 or (2) vectors involving curl support of the "file" schema in the firmware update functionality.Show less
CVE-2017-16788
1Meinbergglobal
1Lantime Firmware
May 13, 2026
Dec 15, 2017
N/A· v4
7.2 HIGH· v3
9.0 HIGH· v2
Directory traversal vulnerability in the "Upload Groupkey" functionality in the Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with Admin-User access...Show more
Directory traversal vulnerability in the "Upload Groupkey" functionality in the Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with Admin-User access to write to arbitrary files and consequently gain root privileges by uploading a file, as demonstrated by storing a file in the cron.d directory.Show less
CVE-2017-16787
1Meinbergglobal
1Lantime Firmware
May 13, 2026
Dec 15, 2017
N/A· v4
6.5 MEDIUM· v3
4.0 MEDIUM· v2
The Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote attackers to read arbitrary files by leveraging failure to restrict URL access.