CVE-2017-16786

Name of the Vulnerable Software and Affected Versions Meinberg LANTIME devices with firmware prior to 6.24.004

Description The issue allows remote authenticated users with certain privileges to read arbitrary files. This can be achieved via the ntpclientcounterlogfile parameter to "cgi-bin/mainv2" or through vectors involving curl support of the "file" schema in the firmware update functionality.

Recommendations For firmware versions prior to 6.24.004, update to version 6.24.004 or later to resolve the issue. As a temporary workaround, consider restricting access to the "cgi-bin/mainv2" endpoint and limiting the use of the curl functionality in the firmware update process until a patch is applied.