An issue was discovered in LTOS-Web-Interface in Meinberg LANTIME-Firmware before 6.24.029 MBGID-9343 and 7 before 7.04.008 MBGID-6303. Path validation is mishandled, and thus an admin can read or delete files in violation of expected access controls.
CPE | Name | Operator | Version |
---|---|---|---|
lantime_firmware | ge | 7.0.0 | |
lantime_firmware | lt | 7.04.008 | |
lantime_firmware | lt | 6.24.029 |