CVE-2017-16788

Name of the Vulnerable Software and Affected Versions Meinberg LANTIME devices with firmware prior to 6.24.004

Description The issue concerns a directory traversal vulnerability in the "Upload Groupkey" functionality of the Web Configuration Utility. This vulnerability allows remote authenticated users with Admin-User access to write to arbitrary files, potentially leading to gaining root privileges. This can be achieved by uploading a file to a sensitive directory, such as the cron.d directory.

Recommendations For Meinberg LANTIME devices with firmware prior to 6.24.004, update the firmware to version 6.24.004 or later to resolve the issue. As a temporary workaround, consider restricting access to the "Upload Groupkey" functionality in the Web Configuration Utility to minimize the risk of exploitation.