Lucene search
Jakub PalaczynskiEXPLOITPACK:2752EDCBF3F479B9CBB89BE6BC1740BFHistoryDec 13, 2017 - 12:00 a.m.
Meinberg LANTIME Web Configuration Utility 6.16.008 - Arbitrary File Read
2017-12-1300:00:00
Jakub Palaczynski
12
0.016 Low
EPSS
Percentile
87.6%
Meinberg LANTIME Web Configuration Utility 6.16.008 - Arbitrary File Read
Title: Meinberg LANTIME Web Configuration Utility - Arbitrary File Read
Author: Jakub Palaczynski
CVE: CVE-2017-16787
Exploit tested on:
==================
Meinberg LANTIME Web Configuration Utility 6.16.008
Vulnerability affects:
======================
All LTOS6 firmware releases before 6.24.004
Vulnerability:
**************
Arbitrary File Read:
====================
It is possible to read arbitrary file on the system with root permissions
Proof of Concept:
First instance:
https://host/cgi-bin/mainv2?value=800&showntpclientipinfo=xxx&ntpclientcounterlogfile=/etc/passwd&lcs=xxx
Info-User user is able to read any file on the system with root permissions.
Second instance:
User with Admin-User access is able to read any file on the system via
firmware update functionality. Curl accepts "file" schema which actually
downloads file from the filesystem. Then it is possible to download
/upload/update file which contains content of requested file.
Contact:
========
Jakub[dot]Palaczynski[at]gmail[dot]comRelated
packetstorm
packetstorm
Meinberg LANTIME Web Configuration Utility 6.16.008 Arbitrary File Read
2017-12-13 00:00:00
Meinberg LANTIME Web Configuration Utility 6.16.008 Authentication Bypass
2017-12-13 00:00:00
prion
prion
Design/Logic Flaw
2017-12-15 18:29:00
zdt
zdt
nessus
nessus
Meinberg Multiple Vulnerabilities in LANTIME Products (CVE-2017-16787)
2024-05-02 00:00:00
cvelist
cvelist
CVE-2017-16787
2017-12-15 18:00:00
nvd
nvd
CVE-2017-16787
2017-12-15 18:29:00
cve
cve
CVE-2017-16787
2017-12-15 18:29:00
exploitdb
exploitdb
Meinberg LANTIME Web Configuration Utility 6.16.008 - Arbitrary File Read
2017-12-13 00:00:00