Meinberg LANTIME Web Configuration Utility version 6.16.008 suffers from an authentication bypass vulnerability.
27c81054bf82e7e27c3cacdafb1d557c4a7e2711783679d697caa976bac70496Title: Meinberg LANTIME Web Configuration Utility - Failure to Restrict URL
Access
Author: Jakub Palaczynski
CVE: CVE-2017-16787
Exploit tested on:
==================
Meinberg LANTIME Web Configuration Utility 6.16.008
Vulnerability affects:
======================
All LTOS6 firmware releases before 6.24.004
Vulnerability:
**************
Failure to Restrict URL Access:
===============================
Any user is able to read all files stored outside cgi-bin directory without
authentication. This way it is possible to download firmware, statistics or
diagnostics files that are stored in upload directory.
Contact:
========
Jakub[dot]Palaczynski[at]gmail[dot]com
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed