Vulnerability Description
An issue was discovered in Digi ConnectPort LTS before 1.4.12. A vulnerability in the file upload handling of a web application allows manipulation of file paths via POST requests. This can lead to arbitrary file uploads within specific directories, potentially enabling privilege escalation when combined with other vulnerabilities.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Digi | Connectport Lts Firmware | < 1.4.12 |
| Digi | Connectport Lts 16 | - |
| Digi | Connectport Lts 16 Mei | - |
| Digi | Connectport Lts 16 Mei 2Ac | - |
| Digi | Connectport Lts 32 | - |
| Digi | Connectport Lts 32 Mei | - |
| Digi | Connectport Lts 8 Mei | - |
Related Weaknesses (CWE)
References
- https://www.digi.com/getattachment/Resources/Security/Alerts/Digi-ConnectPort-LTVendor Advisory
- https://www.digi.com/resources/documentation/digidocs/pdfs/90001001.pdfProduct
- https://www.digi.com/resources/securityVendor Advisory
FAQ
What is CVE-2024-50625?
CVE-2024-50625 is a vulnerability with a CVSS score of 8.0 (HIGH). An issue was discovered in Digi ConnectPort LTS before 1.4.12. A vulnerability in the file upload handling of a web application allows manipulation of file paths via POST requests. This can lead to ar...
How severe is CVE-2024-50625?
CVE-2024-50625 has been rated HIGH with a CVSS base score of 8.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-50625?
Check the references section above for vendor advisories and patch information. Affected products include: Digi Connectport Lts Firmware, Digi Connectport Lts 16, Digi Connectport Lts 16 Mei, Digi Connectport Lts 16 Mei 2Ac, Digi Connectport Lts 32.