← Back

Meinbergglobal

meinbergglobal

8 CVEs • 15 products

Products (15)

Click to collapse
Toggle
Lantime Firmware
lantime_firmware
6 CVEs
Lantime M300 Firmware
lantime_m300_firmware
1 CVE
Lantime M1000 Firmware
lantime_m1000_firmware
1 CVE
Syncbox/ptpv2 Firmware
syncbox/ptpv2_firmware
1 CVE
Lantime
lantime
0 CVEs
Lantime M100
lantime_m100
0 CVEs
Lantime M1000
lantime_m1000
0 CVEs
Lantime M200
lantime_m200
0 CVEs
Lantime M300
lantime_m300
0 CVEs
Lantime M3000
lantime_m3000
0 CVEs
Lantime M400
lantime_m400
0 CVEs
Lantime M500
lantime_m500
0 CVEs
Lantime M600
lantime_m600
0 CVEs
Lantime M900
lantime_m900
0 CVEs
Syncbox/ptpv2
syncbox/ptpv2
0 CVEs

CVEs (8)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2021-46903
1Meinbergglobal
1Lantime Firmware
Jun 17, 2025
Feb 4, 2024
N/A· v4
6.5 MEDIUM· v3
N/A· v2
An issue was discovered in LTOS-Web-Interface in Meinberg LANTIME-Firmware before 6.24.029 MBGID-9343 and 7 before 7.04.008 MBGID-6303. An admin can delete required user accounts (in violation of expected access control)...Show more
An issue was discovered in LTOS-Web-Interface in Meinberg LANTIME-Firmware before 6.24.029 MBGID-9343 and 7 before 7.04.008 MBGID-6303. An admin can delete required user accounts (in violation of expected access control).Show less
CVE-2021-46902
1Meinbergglobal
1Lantime Firmware
Jun 17, 2025
Feb 4, 2024
N/A· v4
7.2 HIGH· v3
N/A· v2
An issue was discovered in LTOS-Web-Interface in Meinberg LANTIME-Firmware before 6.24.029 MBGID-9343 and 7 before 7.04.008 MBGID-6303. Path validation is mishandled, and thus an admin can read or delete files in violati...Show more
An issue was discovered in LTOS-Web-Interface in Meinberg LANTIME-Firmware before 6.24.029 MBGID-9343 and 7 before 7.04.008 MBGID-6303. Path validation is mishandled, and thus an admin can read or delete files in violation of expected access controls.Show less
CVE-2023-1731
1Meinbergglobal
1Lantime Firmware
Nov 21, 2024
Apr 24, 2023
N/A· v4
7.2 HIGH· v3
N/A· v2
In Meinbergs LTOS versions prior to V7.06.013, the configuration file upload function would not correctly validate the input, which would allow an remote authenticated attacker with high privileges to execute arbitrary c...Show more
In Meinbergs LTOS versions prior to V7.06.013, the configuration file upload function would not correctly validate the input, which would allow an remote authenticated attacker with high privileges to execute arbitrary commands. Show less
CVE-2019-17584
1Meinbergglobal
1Syncbox/ptpv2 Firmware
Nov 21, 2024
Jan 21, 2020
N/A· v4
7.5 HIGH· v3
8.5 HIGH· v2
The Meinberg SyncBox/PTP/PTPv2 devices have default SSH keys which allow attackers to get root access to the devices. All firmware versions up to v5.34o, v5.34s, v5.32* or 5.34g are affected. The private key is also used...Show more
The Meinberg SyncBox/PTP/PTPv2 devices have default SSH keys which allow attackers to get root access to the devices. All firmware versions up to v5.34o, v5.34s, v5.32* or 5.34g are affected. The private key is also used in an internal interface of another Meinberg Device and can be extracted from a firmware update of this device. An update to fix the vulnerability was published by the vendor.Show less
CVE-2020-7240
1Meinbergglobal
2Lantime M1000 Firmware
Lantime M300 Firmware
Nov 21, 2024
Jan 20, 2020
N/A· v4
8.8 HIGH· v3
9.0 HIGH· v2
Meinberg Lantime M300 and M1000 devices allow attackers (with privileges to configure a device) to execute arbitrary OS commands by editing the /config/netconf.cmd script (aka Extended Network Configuration). Note: Accor...Show more
Meinberg Lantime M300 and M1000 devices allow attackers (with privileges to configure a device) to execute arbitrary OS commands by editing the /config/netconf.cmd script (aka Extended Network Configuration). Note: According to the description, the vulnerability requires a fully authenticated super-user account using a webUI function that allows super users to edit a script supposed to execute OS commands. The given weakness enumeration (CWE-78) is not applicable in this case as it refers to abusing functions/input fields not supposed to be accepting OS commands by using 'Special Elements.Show less
CVE-2017-16786
1Meinbergglobal
1Lantime Firmware
May 13, 2026
Dec 19, 2017
N/A· v4
6.5 MEDIUM· v3
6.8 MEDIUM· v2
The Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with certain privileges to read arbitrary files via (1) the ntpclientcounterlogfile parameter to c...Show more
The Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with certain privileges to read arbitrary files via (1) the ntpclientcounterlogfile parameter to cgi-bin/mainv2 or (2) vectors involving curl support of the "file" schema in the firmware update functionality.Show less
CVE-2017-16788
1Meinbergglobal
1Lantime Firmware
May 13, 2026
Dec 15, 2017
N/A· v4
7.2 HIGH· v3
9.0 HIGH· v2
Directory traversal vulnerability in the "Upload Groupkey" functionality in the Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with Admin-User access...Show more
Directory traversal vulnerability in the "Upload Groupkey" functionality in the Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with Admin-User access to write to arbitrary files and consequently gain root privileges by uploading a file, as demonstrated by storing a file in the cron.d directory.Show less
CVE-2017-16787
1Meinbergglobal
1Lantime Firmware
May 13, 2026
Dec 15, 2017
N/A· v4
6.5 MEDIUM· v3
4.0 MEDIUM· v2
The Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote attackers to read arbitrary files by leveraging failure to restrict URL access.