Meinberg LANTIME firmware update for third-party components (May 2023)



Updated: 2025-05-18
Risk: High
Patch available: YES
Number of vulnerabilities: 16
CVE-ID: CVE-2023-28486, CVE-2023-27533, CVE-2023-27534, CVE-2023-27535, CVE-2023-27537, CVE-2023-27320, CVE-2023-28487, CVE-2023-1801, CVE-2022-44793, CVE-2022-44792, CVE-2023-26555, CVE-2023-26554, CVE-2023-26553, CVE-2023-26552, CVE-2023-26551
CWE-ID: CWE-78, CWE-20, CWE-371, CWE-415, CWE-787, CWE-125, CWE-476
Exploitation vector: Network
Public exploit: Public exploit code for vulnerability #10 is available. Public exploit code for vulnerability #11 is available.
Vulnerable software: LANTIME Operating System Firmware (LTOS) (Hardware solutions / Firmware)
Vendor: Meinberg radio clocks GmbH & Co. KG

Security Bulletin

This security bulletin contains information about 16 vulnerabilities.

1) OS Command Injection

EUVDB-ID: #VU74196

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-28486

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation when processing control characters in the log messages. A local user can inject specially crafted characters into the log messages and execute arbitrary OS commands on the system when the log entries are displayed (e.g. via "sudoreplay -l").

Mitigation

Install update from vendor's website.

Vulnerable software versions

LANTIME Operating System Firmware (LTOS): 7.00.001 - 7.06.013

External links

https://www.meinbergglobal.com/english/news/meinberg-security-advisory-mbgsa-2023-03-lantime-firmware-v7-06-014.htm


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Input validation error

EUVDB-ID: #VU73826

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-27533

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to manipulate requests.

The vulnerability exists due to missing documentation of the TELNET protocol support and the ability to pass on user name and "telnet options" for the server negotiation. A remote attacker can manipulate the connection by sending unexpected data to the server via the affected client.

Mitigation

Install update from vendor's website.

Vulnerable software versions

LANTIME Operating System Firmware (LTOS): 7.00.001 - 7.06.013

External links

https://www.meinbergglobal.com/english/news/meinberg-security-advisory-mbgsa-2023-03-lantime-firmware-v7-06-014.htm


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Input validation error

EUVDB-ID: #VU73827

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-27534

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied input in the SFTP support when handling the tilde "~" character in the file path. cURL will replace the tilde character with the current user's home directory and can reveal otherwise restricted files.

Mitigation

Install update from vendor's website.

Vulnerable software versions

LANTIME Operating System Firmware (LTOS): 7.00.001 - 7.06.013

External links

https://www.meinbergglobal.com/english/news/meinberg-security-advisory-mbgsa-2023-03-lantime-firmware-v7-06-014.htm


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) State Issues

EUVDB-ID: #VU73828

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-27535

CWE-ID: CWE-371 - State Issues

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to the FTP server.

The vulnerability exists because cURL will reuse a previously created FTP connection even when one or more options had been changed that could have made the effective user a very different one. A remote attacker can connect to the FTP server using credentials supplied by another user and gain access to otherwise restricted functionality.

The settings in question are CURLOPT_FTP_ACCOUNT, CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPT_FTP_SSL_CCC and CURLOPT_USE_SSL level.

Mitigation

Install update from vendor's website.

Vulnerable software versions

LANTIME Operating System Firmware (LTOS): 7.00.001 - 7.06.013

External links

https://www.meinbergglobal.com/english/news/meinberg-security-advisory-mbgsa-2023-03-lantime-firmware-v7-06-014.htm


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Double Free

EUVDB-ID: #VU73830

Risk: High

CVSSv4.0: 7.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2023-27537

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when sharing HSTS data between connections. A remote attacker can initiate an HSTS connection, trigger a double free error and execute arbitrary code on the target system.


Mitigation

Install update from vendor's website.

Vulnerable software versions

LANTIME Operating System Firmware (LTOS): 7.00.001 - 7.06.013

External links

https://www.meinbergglobal.com/english/news/meinberg-security-advisory-mbgsa-2023-03-lantime-firmware-v7-06-014.htm


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Double Free

EUVDB-ID: #VU72719

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-27320

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error when matching a sudoers rule that contains a per-command chroot directive (CHROOT=dir). A local user can trigger a double free error and execute arbitrary code with elevated privileges.


Mitigation

Install update from vendor's website.

Vulnerable software versions

LANTIME Operating System Firmware (LTOS): 7.00.001 - 7.06.013

External links

https://www.meinbergglobal.com/english/news/meinberg-security-advisory-mbgsa-2023-03-lantime-firmware-v7-06-014.htm


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) OS Command Injection

EUVDB-ID: #VU74197

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-28487

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation when processing control characters in the sudoreplay output. A local user can inject specially crafted characters into the log messages and execute arbitrary OS commands on the system.
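The control-character handling described in vulnerabilities 1 and 7, as an added defensive example (not code from sudo, Meinberg or this bulletin): a filter that flags log lines containing terminal control characters and renders them in a visible escaped form before they are displayed. The sample log lines, the hostname and the function names are constructed for illustration.

```python
import re

# Constructed sample lines in sudo's syslog style; hostname, users and
# commands are made up for this example.
SAMPLE_LOG = [
    "May  3 10:12:01 lantime sudo:   alice : TTY=pts/0 ; PWD=/home/alice ; "
    "USER=root ; COMMAND=/usr/bin/id",
    "May  3 10:12:44 lantime sudo:     bob : TTY=pts/1 ; PWD=/tmp ; "
    "USER=root ; COMMAND=/bin/ls \x1b]0;title\x07 /tmp",
    "May  3 10:13:02 lantime sudo:   carol : TTY=pts/2 ; PWD=/ ; "
    "USER=root ; COMMAND=/bin/cat notes\x1b[2Atxt",
]

# C0 controls (tab excluded), DEL and C1 controls. A terminal interprets
# these instead of printing them, which is why they must not reach it raw.
_CONTROL = re.compile(r"[\x00-\x08\x0a-\x1f\x7f\x80-\x9f]")


def escape_controls(line):
    """Return the line with every control character shown as \\xNN text."""
    return _CONTROL.sub(lambda m: "\\x%02x" % ord(m.group()), line)


def scan_log(lines):
    """Return one finding per line that contains control characters."""
    findings = []
    for lineno, line in enumerate(lines, start=1):
        hits = ["0x%02x" % ord(c) for c in _CONTROL.findall(line)]
        if hits:
            findings.append({
                "lineno": lineno,               # 1-based position in the input
                "controls": hits,               # code points found, in order
                "safe": escape_controls(line),  # printable rendering
            })
    return findings


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print("line %d: %s" % (finding["lineno"], ", ".join(finding["controls"])))
        print("  " + finding["safe"])
```
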

Mitigation

Install update from vendor's website.

Vulnerable software versions

LANTIME Operating System Firmware (LTOS): 7.00.001 - 7.06.013

External links

https://www.meinbergglobal.com/english/news/meinberg-security-advisory-mbgsa-2023-03-lantime-firmware-v7-06-014.htm


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Out-of-bounds write

EUVDB-ID: #VU79709

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-1801

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the SMB protocol decoder. A remote attacker can send specially crafted data over the network, trigger an out-of-bounds write and crash the application.

Mitigation

Install update from vendor's website.

Vulnerable software versions

LANTIME Operating System Firmware (LTOS): 7.00.001 - 7.06.013

External links

https://www.meinbergglobal.com/english/news/meinberg-security-advisory-mbgsa-2023-03-lantime-firmware-v7-06-014.htm


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Out-of-bounds read

EUVDB-ID: #VU73777

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: N/A

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition in the getrrsetbyname(3) function within the VerifyHostKeyDNS feature. A remote attacker can send a specially crafted DNS response to the ssh client, trigger an out-of-bounds read of adjacent stack data of the ssh client and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

LANTIME Operating System Firmware (LTOS): 7.00.001 - 7.06.013

External links

https://www.meinbergglobal.com/english/news/meinberg-security-advisory-mbgsa-2023-03-lantime-firmware-v7-06-014.htm


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) NULL pointer dereference

EUVDB-ID: #VU70879

Risk: Medium

CVSSv4.0: 7.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Green]

CVE-ID: CVE-2022-44793

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the handle_ipv6IpForwarding() function in agent/mibgroup/ip-mib/ip_scalars.c. A remote attacker can send specially crafted UDP packets to the application and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

LANTIME Operating System Firmware (LTOS): 7.00.001 - 7.06.013

External links

https://www.meinbergglobal.com/english/news/meinberg-security-advisory-mbgsa-2023-03-lantime-firmware-v7-06-014.htm


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

11) NULL pointer dereference

EUVDB-ID: #VU70878

Risk: Medium

CVSSv4.0: 5.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Green]

CVE-ID: CVE-2022-44792

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the handle_ipDefaultTTL() function in agent/mibgroup/ip-mib/ip_scalars.c. A remote non-authenticated attacker can send specially crafted UDP packets to the application and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

LANTIME Operating System Firmware (LTOS): 7.00.001 - 7.06.013

External links

https://www.meinbergglobal.com/english/news/meinberg-security-advisory-mbgsa-2023-03-lantime-firmware-v7-06-014.htm


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

12) Out-of-bounds write

EUVDB-ID: #VU76002

Risk: Low

CVSSv4.0: 2 [CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-26555

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows an attacker to compromise the vulnerable system.

The vulnerability exists due to a boundary error within the praecis_parse() function in ntpd/refclock_palisade.c. An attacker with physical proximity to the device can trigger an out-of-bounds write error by manipulating the GPS receiver and execute arbitrary code on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

LANTIME Operating System Firmware (LTOS): 7.00.001 - 7.06.013

External links

https://www.meinbergglobal.com/english/news/meinberg-security-advisory-mbgsa-2023-03-lantime-firmware-v7-06-014.htm


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Out-of-bounds write

EUVDB-ID: #VU76001

Risk: Medium

CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-26554

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists due to a boundary error within mstolfp in libntp/mstolfp.c. A remote attacker with control over a malicious NTP server can trick the victim into connecting to it, trigger an out-of-bounds write and execute arbitrary code on the target system via the client ntpq process.

Mitigation

Install update from vendor's website.

Vulnerable software versions

LANTIME Operating System Firmware (LTOS): 7.00.001 - 7.06.013

External links

https://www.meinbergglobal.com/english/news/meinberg-security-advisory-mbgsa-2023-03-lantime-firmware-v7-06-014.htm


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Out-of-bounds write

EUVDB-ID: #VU76000

Risk: Medium

CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-26553

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists due to a boundary error within mstolfp in libntp/mstolfp.c. A remote attacker with control over a malicious NTP server can trick the victim into connecting to it, trigger an out-of-bounds write and execute arbitrary code on the target system via the client ntpq process.

Mitigation

Install update from vendor's website.

Vulnerable software versions

LANTIME Operating System Firmware (LTOS): 7.00.001 - 7.06.013

External links

https://www.meinbergglobal.com/english/news/meinberg-security-advisory-mbgsa-2023-03-lantime-firmware-v7-06-014.htm


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Out-of-bounds write

EUVDB-ID: #VU75999

Risk: Medium

CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-26552

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists due to a boundary error within mstolfp in libntp/mstolfp.c. A remote attacker with control over a malicious NTP server can trick the victim into connecting to it, trigger an out-of-bounds write and execute arbitrary code on the target system via the client ntpq process.

Mitigation

Install update from vendor's website.

Vulnerable software versions

LANTIME Operating System Firmware (LTOS): 7.00.001 - 7.06.013

External links

https://www.meinbergglobal.com/english/news/meinberg-security-advisory-mbgsa-2023-03-lantime-firmware-v7-06-014.htm


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Out-of-bounds write

EUVDB-ID: #VU75998

Risk: Medium

CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-26551

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists due to a boundary error within mstolfp in libntp/mstolfp.c. A remote attacker with control over a malicious NTP server can trick the victim into connecting to it, trigger an out-of-bounds write and execute arbitrary code on the target system via the client ntpq process.

Mitigation

Install update from vendor's website.

Vulnerable software versions

LANTIME Operating System Firmware (LTOS): 7.00.001 - 7.06.013

External links

https://www.meinbergglobal.com/english/news/meinberg-security-advisory-mbgsa-2023-03-lantime-firmware-v7-06-014.htm


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


