Arbitrary File Read Vulnerability in Meinberg LANTIME Web Configuration Utility

Arbitrary File Read Vulnerability in Meinberg LANTIME Web Configuration Utility

CVE-2017-16786 · MEDIUM Severity

AV:N/AC:L/AU:S/C:C/I:N/A:N

The Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with certain privileges to read arbitrary files via (1) the ntpclientcounterlogfile parameter to cgi-bin/mainv2 or (2) vectors involving curl support of the "file" schema in the firmware update functionality.

Learn more about our Web App Pen Testing.