In Meinbergs LTOS versions prior to V7.06.013, the configuration file upload function would not correctly validate the input, which would allow an remote authenticated attacker with high privileges to execute arbitrary commands.
https://www.meinbergglobal.com/english/news/meinberg-security-advisory-mbgsa-2023-02-lantime-firmware-v7-06-013.htm
Source: Mitre, NVD
Published: 2023-04-24
Updated: 2023-05-23
Base Score: 8.3
Vector: CVSS2#AV:N/AC:L/Au:M/C:C/I:C/A:C
Severity: High
Base Score: 7.2
Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H