News from 2024-11-12


Meinberg Security Advisory: [MBGSA-2024.07] LANTIME Firmware V7.08.017


The LANTIME Firmware Version 7.08.017 includes security fixes for the Web Interface and REST API:

Meinberg recommends updating to LANTIME Firmware Version 7.08.017.

Estimation of severity up to and including:
  • LANTIME Firmware Version 7.08.016:
    Severity Level Critical (0), High (3), Medium (0), Low (0), Info (0), Unknown (0)
Updated Versions:
  • LANTIME Firmware: V7.08.017

  1. Description of the Vulnerabilities

    • Web Interface:

      • NOCVE - Authenticated file path traversal (High)
        Authenticated users were able to perform a file path traversal attack via the "Import SyncMon Data File" function.

        Fixed in:
        V7.08.017 MBGID-19745

    • REST API:

      • NOCVE - Authenticated OS command line injection ping/traceroute (High)
        Authenticated users were able to execute system calls via the ping and traceroute function of the REST API.

        Fixed in:
        V7.08.017 MBGID-19743

      • NOCVE - Authenticated formatted string vulnerability (High)
        Authenticated users were able to output parts of the system memory via a formatted string vulnerability.

        Fixed in:
        V7.08.017 MBGID-19741

  2. Systems Affected

    All LANTIME Firmware versions before 7.08.017 are affected by the corresponding vulnerabilities. The LANTIME Firmware is used by all devices of the LANTIME series (M100, M150, M200, M250, M300, M320, M400, M450, M600, M900) as well as all devices of the LANTIME IMS series (M500, M1000, M1000S, M2000S, M3000, M3000S, M4000), the SyncFire product family (SF1000, SF1100, SF1200, SF1500), LANTIME CPU Expansions (LCES).

    Whether and to what extent individual clients or LANTIME systems are vulnerable depends on the individual configuration, network infrastructure, and other factors, and it is therefore not possible to provide a general statement on how vulnerable a given system in use actually is.

  3. Possible Security Measures

    The relevant security updates are included in the LANTIME Firmware Version 7.08.017(-light). Updating to these versions eliminates the listed vulnerabilities.

    Download the latest LANTIME Firmware at:

    The update is now available for Meinberg customers. An update of the LANTIME Firmware to Version 7.08.017 or 7.08.017-light as appropriate is recommended. Customers who cannot install Version 7.08.017 should install Version 7.08.017-light instead.

  4. Further Information

    Further details and information are available from the following website:

    If you have any questions or need assistance, please do not hesitate to contact Meinberg's Technical Support Team..

  5. Acknowledgments

    We would like to express our gratitude to all those who have advised us of vulnerabilities or other bugs, and have also suggested improvements to us.

    Thank you!


Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact Meinberg Mail Contact