GCVE - cpe:2.3:h:meinberg:lantime_m300:-:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:h:meinberg:lantime_m300:-:*:*:*:*:*:*:*

part: h version: - update: *

Vendor	Meinberg (`e32bb510-0f61-5bfc-8b0b-6223f11f9ddd`)
Product	Lantime M300 (`979121ab-0fac-5aab-b782-3f497878c82c`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2020-7240`	vulnerable	2026-06-03 14:43:05.873890	Details available Meinberg Lantime M300 and M1000 devices allow attackers (with privileges to configure a device) to execute arbitrary OS commands by editing the /config/netconf.cmd script (aka Extended Network Configuration). Note: According to the description, the vulnerability requires a fully authenticated super-user account using a webUI function that allows super users to edit a script supposed to execute OS commands. The given weakness enumeration (CWE-78) is not applicable in this case as it refers to abusing functions/input fields not supposed to be accepting OS commands by using 'Special Elements. Published: 2020-01-20T19:27:51.000Z Updated: 2024-08-28T13:28:59.219Z Open on db.gcve.eu Reference links https://sku11army.blogspot.com/2020/01/heinberg-lantime-m1000-rce.html https://sku11army.blogspot.com/2020/01/meinberg-lantime-m1000-rce.html https://wolke.meinberg.de/index.php/s/dKP3PKgFXS6sPRE#pdfviewer	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-3989`	vulnerable	2026-06-03 14:35:46.948013	Details available The NTP time-server interface on Meinberg IMS-LANTIME M3000, IMS-LANTIME M1000, IMS-LANTIME M500, LANTIME M900, LANTIME M600, LANTIME M400, LANTIME M300, LANTIME M200, LANTIME M100, SyncFire 1100, and LCES devices with firmware before 6.20.004 allows remote authenticated users to obtain root privileges for writing to unspecified scripts, and consequently obtain sensitive information or modify data, by leveraging access to the nobody account. Published: 2016-07-03T14:00:00.000Z Updated: 2024-08-06T00:10:32.023Z Open on db.gcve.eu Reference links https://www.exploit-db.com/exploits/40120/ https://ics-cert.us-cert.gov/advisories/ICSA-16-175-03	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-3988`	vulnerable	2026-06-03 14:35:46.947338	Details available Multiple stack-based buffer overflows in the NTP time-server interface on Meinberg IMS-LANTIME M3000, IMS-LANTIME M1000, IMS-LANTIME M500, LANTIME M900, LANTIME M600, LANTIME M400, LANTIME M300, LANTIME M200, LANTIME M100, SyncFire 1100, and LCES devices with firmware before 6.20.004 allow remote attackers to obtain sensitive information, modify data, or cause a denial of service via a crafted parameter in a POST request. Published: 2016-07-03T14:00:00.000Z Updated: 2024-08-06T00:10:32.023Z Open on db.gcve.eu Reference links https://ics-cert.us-cert.gov/advisories/ICSA-16-175-03	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-3962`	vulnerable	2026-06-03 14:35:46.898244	Details available Stack-based buffer overflow in the NTP time-server interface on Meinberg IMS-LANTIME M3000, IMS-LANTIME M1000, IMS-LANTIME M500, LANTIME M900, LANTIME M600, LANTIME M400, LANTIME M300, LANTIME M200, LANTIME M100, SyncFire 1100, and LCES devices with firmware before 6.20.004 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via a crafted parameter in a POST request. Published: 2016-07-03T14:00:00.000Z Updated: 2024-08-06T00:10:31.911Z Open on db.gcve.eu Reference links https://www.exploit-db.com/exploits/40120/ https://ics-cert.us-cert.gov/advisories/ICSA-16-175-03	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.