Improper Verification of Cryptographic Signature in LANTIME Operating System Firmware (LTOS) - #VU109398
Published: May 18, 2025
Vulnerability identifier: #VU109398
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: N/A
CWE-ID: CWE-347
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Meinberg
Affected software:
LANTIME Operating System Firmware (LTOS)
LANTIME Operating System Firmware (LTOS)
Detailed vulnerability description
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to incorrectly implemented signature check of uploaded firmware image files. The check was not performed in time, which could lead to a malicious firmware image being used.
Remediation
Install updates from vendor's website.