CVE-2017-16788

HIGH

Meinberg LANTIME <6.24.004 - Path Traversal

Description

Directory traversal vulnerability in the "Upload Groupkey" functionality in the Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with Admin-User access to write to arbitrary files and consequently gain root privileges by uploading a file, as demonstrated by storing a file in the cron.d directory.

References (1)

Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2017/Dec/32

Scores

CVSS v3: 7.2
EPSS: 0.0399
EPSS Percentile: 89.3%
Attack Vector: NETWORK
CVSS v3 Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-22
Status: published
Products (1): meinbergglobal/lantime_firmware < 6.24.004
Published: Dec 15, 2017
Tracked Since: Feb 18, 2026