CVE-2024-50626

HIGH

8.8

Description

An issue was discovered in Digi ConnectPort LTS before 1.4.12. A Directory Traversal vulnerability exists in WebFS. This allows an attacker on the local area network to manipulate URLs to include traversal sequences, potentially leading to unauthorized access to data.

CVE Details

CVSS v3.1 Score8.8

SeverityHIGH

CVSS VectorCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack VectorADJACENT_NETWORK

ComplexityLOW

Privileges RequiredNONE

User InteractionNONE

Published12/9/2024

Last Modified6/27/2025

Sourcenvd

Honeypot Sightings0

Affected Products

digi:connectport_lts_16digi:connectport_lts_16_meidigi:connectport_lts_16_mei_2acdigi:connectport_lts_32digi:connectport_lts_32_meidigi:connectport_lts_8_meidigi:connectport_lts_firmware

Weaknesses (CWE)

CWE-22

References

https://www.digi.com/getattachment/Resources/Security/Alerts/Digi-ConnectPort-LTS-Firmware-Update/ConnectPort-LTS-KB.pdf(cve@mitre.org)

https://www.digi.com/resources/documentation/digidocs/pdfs/90001001.pdf(cve@mitre.org)

https://www.digi.com/resources/security(cve@mitre.org)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.