← voltar
CVE-2017-16786

CVE-2017-16786

EPSS 2.0%
The Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with certain privileges to read arbitrary files via (1) the ntpclientcounterlogfile parameter to cgi-bin/mainv2 or (2) vectors involving curl support of the "file" schema in the firmware update functionality.
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://packetstormsecurity.com/files/145388/Meinberg-LANTIME-Web-Configuration-Utility-6.16.008-Arbitrary-File-Read.htmlhttp://seclists.org/fulldisclosure/2017/Dec/50