Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Meinbergglobal Security Vulnerabilities

cve
cve

CVE-2020-7240

Meinberg Lantime M300 and M1000 devices allow attackers (with privileges to configure a device) to execute arbitrary OS commands by editing the /config/netconf.cmd script (aka Extended Network Configuration). Note: According to the description, the vulnerability requires a fully authenticated...

8.8CVSS

8.8AI Score

0.033EPSS

2020-01-20 08:15 PM
38
cve
cve

CVE-2021-46903

An issue was discovered in LTOS-Web-Interface in Meinberg LANTIME-Firmware before 6.24.029 MBGID-9343 and 7 before 7.04.008 MBGID-6303. An admin can delete required user accounts (in violation of expected access...

6.5CVSS

6.5AI Score

0.0005EPSS

2024-02-04 09:15 PM
13
cve
cve

CVE-2021-46902

An issue was discovered in LTOS-Web-Interface in Meinberg LANTIME-Firmware before 6.24.029 MBGID-9343 and 7 before 7.04.008 MBGID-6303. Path validation is mishandled, and thus an admin can read or delete files in violation of expected access...

7.2CVSS

6.9AI Score

0.001EPSS

2024-02-04 09:15 PM
16
cve
cve

CVE-2023-1731

In Meinbergs LTOS versions prior to V7.06.013, the configuration file upload function would not correctly validate the input, which would allow an remote authenticated attacker with high privileges to execute arbitrary...

7.2CVSS

7.1AI Score

0.001EPSS

2023-04-24 02:15 PM
17
cve
cve

CVE-2019-17584

The Meinberg SyncBox/PTP/PTPv2 devices have default SSH keys which allow attackers to get root access to the devices. All firmware versions up to v5.34o, v5.34s, v5.32* or 5.34g are affected. The private key is also used in an internal interface of another Meinberg Device and can be extracted from....

7.5CVSS

7.5AI Score

0.001EPSS

2020-01-21 08:15 PM
31
cve
cve

CVE-2017-16786

The Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with certain privileges to read arbitrary files via (1) the ntpclientcounterlogfile parameter to cgi-bin/mainv2 or (2) vectors involving curl support of the "file" schema in...

6.5CVSS

6.2AI Score

0.001EPSS

2017-12-19 03:29 PM
23
cve
cve

CVE-2017-16787

The Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote attackers to read arbitrary files by leveraging failure to restrict URL...

6.5CVSS

6.4AI Score

0.016EPSS

2017-12-15 06:29 PM
32
cve
cve

CVE-2017-16788

Directory traversal vulnerability in the "Upload Groupkey" functionality in the Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with Admin-User access to write to arbitrary files and consequently gain root privileges by...

7.2CVSS

6.9AI Score

0.002EPSS

2017-12-15 06:29 PM
18