Vulnerabilities > Meinbergglobal
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-04 | CVE-2021-46902 | Unspecified vulnerability in Meinbergglobal Lantime Firmware An issue was discovered in LTOS-Web-Interface in Meinberg LANTIME-Firmware before 6.24.029 MBGID-9343 and 7 before 7.04.008 MBGID-6303. | 7.2 |
| 2024-02-04 | CVE-2021-46903 | Unspecified vulnerability in Meinbergglobal Lantime Firmware An issue was discovered in LTOS-Web-Interface in Meinberg LANTIME-Firmware before 6.24.029 MBGID-9343 and 7 before 7.04.008 MBGID-6303. | 6.5 |
| 2023-04-24 | CVE-2023-1731 | Unrestricted Upload of File with Dangerous Type vulnerability in Meinbergglobal Lantime Firmware In Meinbergs LTOS versions prior to V7.06.013, the configuration file upload function would not correctly validate the input, which would allow an remote authenticated attacker with high privileges to execute arbitrary commands. | 7.2 |
| 2020-01-21 | CVE-2019-17584 | Unspecified vulnerability in Meinbergglobal Syncbox/Ptpv2 Firmware 5.32/5.34G/5.34O The Meinberg SyncBox/PTP/PTPv2 devices have default SSH keys which allow attackers to get root access to the devices. | 7.5 |
| 2020-01-20 | CVE-2020-7240 | OS Command Injection vulnerability in Meinbergglobal Lantime M1000 Firmware and Lantime M300 Firmware Meinberg Lantime M300 and M1000 devices allow attackers (with privileges to configure a device) to execute arbitrary OS commands by editing the /config/netconf.cmd script (aka Extended Network Configuration). | 8.8 |
| 2017-12-19 | CVE-2017-16786 | Information Exposure vulnerability in Meinbergglobal Lantime Firmware The Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with certain privileges to read arbitrary files via (1) the ntpclientcounterlogfile parameter to cgi-bin/mainv2 or (2) vectors involving curl support of the "file" schema in the firmware update functionality. | 6.5 |
| 2017-12-15 | CVE-2017-16788 | Path Traversal vulnerability in Meinbergglobal Lantime Firmware Directory traversal vulnerability in the "Upload Groupkey" functionality in the Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with Admin-User access to write to arbitrary files and consequently gain root privileges by uploading a file, as demonstrated by storing a file in the cron.d directory. | 7.2 |
| 2017-12-15 | CVE-2017-16787 | Information Exposure vulnerability in Meinbergglobal Lantime Firmware The Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote attackers to read arbitrary files by leveraging failure to restrict URL access. | 6.5 |