#VU109398 Improper Verification of Cryptographic Signature in LANTIME Operating System Firmware (LTOS)
Published: May 18, 2025
Vulnerability identifier: #VU109398
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: N/A
CWE-ID: CWE-347
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
LANTIME Operating System Firmware (LTOS)
LANTIME Operating System Firmware (LTOS)
Software vendor:
Meinberg
Meinberg
Description
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to incorrectly implemented signature check of uploaded firmware image files. The check was not performed in time, which could lead to a malicious firmware image being used.
Remediation
Install updates from vendor's website.