Search criteria
1 vulnerability found for lantime by meinbergglobal
VAR-201712-0383
Vulnerability from variot - Updated: 2025-04-20 23:36The Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with certain privileges to read arbitrary files via (1) the ntpclientcounterlogfile parameter to cgi-bin/mainv2 or (2) vectors involving curl support of the "file" schema in the firmware update functionality. Meinberg LANTIME The device firmware contains an information disclosure vulnerability.Information may be obtained. Meinberg LANTIME is an NTP time server of Germany Meinberg company. Web Configuration Utility is one of the Web configuration tools. A security vulnerability exists in the Web Configuration Utility on Meinberg LANTIME with firmware prior to 6.24.004. A remote attacker could exploit this vulnerability to read arbitrary files by sending the 'ntpclientcounterlogfile' parameter to cgi-bin/mainv2 or by other means
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201712-0383",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "lantime",
"scope": "lte",
"trust": 1.0,
"vendor": "meinbergglobal",
"version": "6.24.003"
},
{
"model": "lantime",
"scope": "lt",
"trust": 0.8,
"vendor": "meinberg funkuhren",
"version": "6.24.004"
},
{
"model": "lantime",
"scope": "eq",
"trust": 0.6,
"vendor": "meinbergglobal",
"version": "6.24.003"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011635"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-355"
},
{
"db": "NVD",
"id": "CVE-2017-16786"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:meinberg:lantime_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011635"
}
]
},
"cve": "CVE-2017-16786",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2017-16786",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "VHN-107743",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:C/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2017-16786",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-16786",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2017-16786",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201711-355",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-107743",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2017-16786",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-107743"
},
{
"db": "VULMON",
"id": "CVE-2017-16786"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011635"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-355"
},
{
"db": "NVD",
"id": "CVE-2017-16786"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with certain privileges to read arbitrary files via (1) the ntpclientcounterlogfile parameter to cgi-bin/mainv2 or (2) vectors involving curl support of the \"file\" schema in the firmware update functionality. Meinberg LANTIME The device firmware contains an information disclosure vulnerability.Information may be obtained. Meinberg LANTIME is an NTP time server of Germany Meinberg company. Web Configuration Utility is one of the Web configuration tools. A security vulnerability exists in the Web Configuration Utility on Meinberg LANTIME with firmware prior to 6.24.004. A remote attacker could exploit this vulnerability to read arbitrary files by sending the \u0027ntpclientcounterlogfile\u0027 parameter to cgi-bin/mainv2 or by other means",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-16786"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011635"
},
{
"db": "VULHUB",
"id": "VHN-107743"
},
{
"db": "VULMON",
"id": "CVE-2017-16786"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "PACKETSTORM",
"id": "145388",
"trust": 2.6
},
{
"db": "NVD",
"id": "CVE-2017-16786",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011635",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201711-355",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-107743",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-16786",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-107743"
},
{
"db": "VULMON",
"id": "CVE-2017-16786"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011635"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-355"
},
{
"db": "NVD",
"id": "CVE-2017-16786"
}
]
},
"id": "VAR-201712-0383",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-107743"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-20T23:36:44.322000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.meinbergglobal.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011635"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-107743"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011635"
},
{
"db": "NVD",
"id": "CVE-2017-16786"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://packetstormsecurity.com/files/145388/meinberg-lantime-web-configuration-utility-6.16.008-arbitrary-file-read.html"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2017/dec/50"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-16786"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-16786"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/200.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-107743"
},
{
"db": "VULMON",
"id": "CVE-2017-16786"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011635"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-355"
},
{
"db": "NVD",
"id": "CVE-2017-16786"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-107743"
},
{
"db": "VULMON",
"id": "CVE-2017-16786"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011635"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-355"
},
{
"db": "NVD",
"id": "CVE-2017-16786"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-12-19T00:00:00",
"db": "VULHUB",
"id": "VHN-107743"
},
{
"date": "2017-12-19T00:00:00",
"db": "VULMON",
"id": "CVE-2017-16786"
},
{
"date": "2018-01-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-011635"
},
{
"date": "2017-11-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201711-355"
},
{
"date": "2017-12-19T15:29:00.353000",
"db": "NVD",
"id": "CVE-2017-16786"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-08T00:00:00",
"db": "VULHUB",
"id": "VHN-107743"
},
{
"date": "2018-01-08T00:00:00",
"db": "VULMON",
"id": "CVE-2017-16786"
},
{
"date": "2018-01-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-011635"
},
{
"date": "2017-12-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201711-355"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-16786"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201711-355"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Meinberg LANTIME Information disclosure vulnerability in device firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011635"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201711-355"
}
],
"trust": 0.6
}
}