What is CVE-2020-7240?

CVE-2020-7240 is a vulnerability that allows attackers with privileges to configure Meinberg Lantime M300 and M1000 devices to execute arbitrary OS commands by editing the /config/netconf.cmd script (aka Extended Network Configuration).

How severe is CVE-2020-7240?

CVE-2020-7240 has a severity value of 8.8, which is considered critical.

What software is affected by CVE-2020-7240?

The affected software includes Meinberg Lantime M300 Firmware and Meinberg Lantime M1000 Firmware.

How can I fix CVE-2020-7240?

To fix CVE-2020-7240, it is recommended to apply the necessary security patches or upgrades provided by Meinbergglobal.

Where can I find more information about CVE-2020-7240?

More information about CVE-2020-7240 can be found in the following references: [reference 1], [reference 2], [reference 3].

Vulnerability/
CVE-2020-7240

critical

CWE

20/1/2020

28/8/2024

CVE-2020-7240: OS Command Injection

First published: Mon Jan 20 2020(Updated: )

** DISPUTED ** Meinberg Lantime M300 and M1000 devices allow attackers (with privileges to configure a device) to execute arbitrary OS commands by editing the /config/netconf.cmd script (aka Extended Network Configuration). Note: According to the description, the vulnerability requires a fully authenticated super-user account using a webUI function that allows super users to edit a script supposed to execute OS commands. The given weakness enumeration (CWE-78) is not applicable in this case as it refers to abusing functions/input fields not supposed to be accepting OS commands by using 'Special Elements.'

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Meinberg Lantime Firmware
Meinberg Global Lantime M300
Meinberg Lantime M1000 Firmware
Meinberg LANTIME M1000
All of
Meinberg Global Lantime M300
Meinberg Lantime Firmware
All of
Meinberg LANTIME M1000
Meinberg Lantime M1000 Firmware

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2020-7240?
CVE-2020-7240 is a vulnerability that allows attackers with privileges to configure Meinberg Lantime M300 and M1000 devices to execute arbitrary OS commands by editing the /config/netconf.cmd script (aka Extended Network Configuration).
How severe is CVE-2020-7240?
CVE-2020-7240 has a severity value of 8.8, which is considered critical.
What software is affected by CVE-2020-7240?
The affected software includes Meinberg Lantime M300 Firmware and Meinberg Lantime M1000 Firmware.
How can I fix CVE-2020-7240?
To fix CVE-2020-7240, it is recommended to apply the necessary security patches or upgrades provided by Meinbergglobal.
Where can I find more information about CVE-2020-7240?
More information about CVE-2020-7240 can be found in the following references: [reference 1], [reference 2], [reference 3].

agent/type
agent/severity
agent/weakness
agent/references
agent/status
agent/description
agent/first-publish-date
agent/event
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
agent/author
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-api
source/NVD
agent/software-canonical-lookup
status/disputed
vendor/meinbergglobal
canonical/meinberg lantime firmware
canonical/meinberg global lantime m300
canonical/meinberg lantime m1000 firmware
canonical/meinberg lantime m1000

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.