Vulners
Lucene search
Meinberg LANTIME Web Configuration Utility 6.16.008 Arbitrary File Upload
🗓️ 13 Dec 2017 00:00:00Reported by Jakub PalaczynskiType 
packetstorm🔗 packetstormsecurity.com👁 39 Views
| Reporter | Title | Published | Views | Family All 9 |
|---|---|---|---|---|
 | Meinberg LANTIME Web Configuration Utility 6.16.008 - Arbitrary File Read Vulnerability (2) | 14 Dec 201700:00 | – | zdt |
 | Meinberg LANTIME Web Configuration Utility Directory Traversal Vulnerability | 19 Dec 201700:00 | – | cnvd |
 | CVE-2017-16788 | 15 Dec 201718:00 | – | cve |
 | CVE-2017-16788 | 15 Dec 201718:00 | – | cvelist |
 | EUVD-2017-7966 | 7 Oct 202500:30 | – | euvd |
 | CVE-2017-16788 | 15 Dec 201718:29 | – | nvd |
 | CVE-2017-16788 | 15 Dec 201718:29 | – | osv |
 | Directory traversal | 15 Dec 201718:29 | – | prion |
 | Meinberg Multiple Vulnerabilities in LANTIME Products (CVE-2017-16788) | 2 May 202400:00 | – | nessus |
`Title: Meinberg LANTIME Web Configuration Utility - Arbitrary File Upload
(Path Traversal)
Author: Jakub Palaczynski
CVE: CVE-2017-16788
Exploit was tested on:
======================
Meinberg LANTIME Web Configuration Utility 6.16.008
Vulnerability affects:
======================
All LTOS6 firmware releases before 6.24.004
Vulnerability:
**************
Arbitrary File Upload (Path Traversal):
=======================================
It is possible to upload any file to any location on the server.
Proof of Concept:
"Upload Groupkey" functionality allows for uploading any file to any
location on the server. An attacker may use path traversal to store files
in for example cron.d directory and execute them automatically to get root
access on the system.
This vulnerability allows for getting root access on the system from
Admin-User access.
Contact:
========
Jakub[dot]Palaczynski[at]gmail[dot]com
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
13 Dec 2017 00:00Current
EPSS0.01341