CVE-2017-16787

MEDIUM

Meinberg LANTIME <6.24.004 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-16787. PoCs published by Jakub Palaczynski.

AI-analyzed exploit summary: This exploit demonstrates an arbitrary file read vulnerability in Meinberg LANTIME Web Configuration Utility. It allows unauthenticated users to read sensitive files like /etc/passwd via a crafted URL parameter, and authenticated admin users to exfiltrate files through the firmware update functionality.

Description

The Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote attackers to read arbitrary files by leveraging failure to restrict URL access.

Exploits (1)

exploitdb WORKING POC
by Jakub Palaczynski · text · webapps · cgi
https://www.exploit-db.com/exploits/43332

Classification: Working PoC 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Meinberg LANTIME Web Configuration Utility 6.16.008 (and all LTOS6 firmware releases before 6.24.004)
No auth needed
Prerequisites: Network access to the target device · For the second instance, admin credentials are required
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2017/Dec/33
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/43332/

Scores

CVSS v3 6.5
EPSS 0.0662
EPSS Percentile 93.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE: CWE-200
Status published
Products (1)
meinbergglobal/lantime_firmware < 6.24.004
Published Dec 15, 2017
Tracked Since Feb 18, 2026