6.8
CVE-2017-16786
- EPSS 0.3%
- Veröffentlicht 19.12.2017 15:29:00
- Zuletzt bearbeitet 20.04.2025 01:37:25
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginThe Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with certain privileges to read arbitrary files via (1) the ntpclientcounterlogfile parameter to cgi-bin/mainv2 or (2) vectors involving curl support of the "file" schema in the firmware update functionality.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Meinbergglobal ≫ Lantime Firmware Version <= 6.24.003
Meinbergglobal ≫ Lantime M100 Version-
Meinbergglobal ≫ Lantime M1000 Version-
Meinbergglobal ≫ Lantime M200 Version-
Meinbergglobal ≫ Lantime M300 Version-
Meinbergglobal ≫ Lantime M3000 Version-
Meinbergglobal ≫ Lantime M400 Version-
Meinbergglobal ≫ Lantime M500 Version-
Meinbergglobal ≫ Lantime M600 Version-
Meinbergglobal ≫ Lantime M900 Version-
Meinbergglobal ≫ Lantime M1000 Version-
Meinbergglobal ≫ Lantime M200 Version-
Meinbergglobal ≫ Lantime M300 Version-
Meinbergglobal ≫ Lantime M3000 Version-
Meinbergglobal ≫ Lantime M400 Version-
Meinbergglobal ≫ Lantime M500 Version-
Meinbergglobal ≫ Lantime M600 Version-
Meinbergglobal ≫ Lantime M900 Version-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.3% | 0.531 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 6.8 | 8 | 6.9 |
AV:N/AC:L/Au:S/C:C/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.