CVE-2017-16786

MEDIUM

Meinberg LANTIME <6.24.004 - Info Disclosure

Title source: llm

Description

The Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with certain privileges to read arbitrary files via (1) the ntpclientcounterlogfile parameter to cgi-bin/mainv2 or (2) vectors involving curl support of the "file" schema in the firmware update functionality.

References (2)

Core References
Issue Tracking, Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2017/Dec/50

Scores

CVSS v3 6.5
EPSS 0.0201
EPSS Percentile 78.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-200
Status published
Products (1)
meinbergglobal/lantime_firmware < 6.24.003
Published Dec 19, 2017
Tracked Since Feb 18, 2026