Arbitrary File Read Vulnerability in Meinberg LANTIME Web Configuration Utility
CVE-2017-16786 · MEDIUM Severity
AV:N/AC:L/AU:S/C:C/I:N/A:N
The Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with certain privileges to read arbitrary files via (1) the ntpclientcounterlogfile parameter to cgi-bin/mainv2 or (2) vectors involving curl support of the "file" schema in the firmware update functionality.
Learn more about our Web App Pen Testing.