PT-2020-19490 · Meinberg · Meinberg Ims-Lantime M1000 (+1 more)

Published: 2020-01-20 · Updated: 2024-08-04 · CVE-2020-7240

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Meinberg Lantime M300 and M1000 devices (affected versions not specified)

Description

The issue allows attackers who have privileges to configure a device to execute arbitrary OS commands by editing the /config/netconf.cmd script, also known as Extended Network Configuration. Exploitation requires a fully authenticated super-user account and uses a webUI function that lets super users edit a script intended to execute OS commands.

Recommendations

For Meinberg Lantime M300 and M1000 devices, consider restricting access to the /config/netconf.cmd script to prevent unauthorized edits. As a temporary workaround, consider disabling the webUI function that allows editing of the /config/netconf.cmd script until a fix is available. Restrict super-user access to the webUI function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Weakness Enumeration: OS Command Injection

Related Identifiers: CVE-2020-7240

Affected Products

Meinberg Ims-Lantime M1000
Meinberg Lantime M300