In Meinbergs LTOS versions prior to V7.06.013, the configuration file upload function would not correctly validate the input, which would allow an remote authenticated attacker with high privileges to execute arbitrary commands.
References
Link | Resource |
---|---|
https://www.meinbergglobal.com/english/news/meinberg-security-advisory-mbgsa-2023-02-lantime-firmware-v7-06-013.htm | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
23 May 2023, 06:15
Type | Values Removed | Values Added |
---|---|---|
Summary | In Meinbergs LTOS versions prior to V7.06.013, the configuration file upload function would not correctly validate the input, which would allow an remote authenticated attacker with high privileges to execute arbitrary commands. |
03 May 2023, 14:21
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:h:meinbergglobal:lantime_m900:-:*:*:*:*:*:*:* cpe:2.3:h:meinbergglobal:lantime_m600:-:*:*:*:*:*:*:* cpe:2.3:h:meinbergglobal:lantime_m200:-:*:*:*:*:*:*:* cpe:2.3:h:meinbergglobal:lantime_m400:-:*:*:*:*:*:*:* cpe:2.3:h:meinbergglobal:lantime_m300:-:*:*:*:*:*:*:* cpe:2.3:h:meinbergglobal:lantime_m100:-:*:*:*:*:*:*:* cpe:2.3:o:meinbergglobal:lantime_firmware:*:*:*:*:*:*:*:* |
|
CWE | CWE-434 | |
References | (MISC) https://www.meinbergglobal.com/english/news/meinberg-security-advisory-mbgsa-2023-02-lantime-firmware-v7-06-013.htm - Vendor Advisory | |
First Time |
Meinbergglobal lantime Firmware
Meinbergglobal lantime M900 Meinbergglobal lantime M200 Meinbergglobal lantime M600 Meinbergglobal Meinbergglobal lantime M300 Meinbergglobal lantime M400 Meinbergglobal lantime M100 |
24 Apr 2023, 15:35
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-04-24 14:15
Updated : 2023-12-10 15:01
NVD link : CVE-2023-1731
Mitre link : CVE-2023-1731
CVE.ORG link : CVE-2023-1731
JSON object : View
Products Affected
meinbergglobal
- lantime_m400
- lantime_m100
- lantime_firmware
- lantime_m600
- lantime_m200
- lantime_m300
- lantime_m900
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type