CVE-2020-7240 - Meinberg Lantime M300 and M1000 devices allow attackers (with privileges to configure a device) to e

CVE-2020-7240

Summary

Meinberg Lantime M300 and M1000 devices allow attackers (with privileges to configure a device) to execute arbitrary OS commands by editing the /config/netconf.cmd script (aka Extended Network Configuration).

References

https://sku11army.blogspot.com/2020/01/heinberg-lantime-m1000-rce.html
https://sku11army.blogspot.com/2020/01/meinberg-lantime-m1000-rce.html

Vulnerable Configurations

CVSS

Base:	5.0
Impact:
Exploitability:

Access

Vector	Complexity	Authentication

Impact

Confidentiality	Integrity	Availability

Last major update

20-01-2020 - 20:15

Published

20-01-2020 - 20:15

Last modified

21-01-2020 - 13:19