Vulnerability Description
An issue was discovered in Digi ConnectPort LTS before 1.4.12. A Directory Traversal vulnerability exists in WebFS. This allows an attacker on the local area network to manipulate URLs to include traversal sequences, potentially leading to unauthorized access to data.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Digi | Connectport Lts Firmware | < 1.4.12 |
| Digi | Connectport Lts 16 | - |
| Digi | Connectport Lts 16 Mei | - |
| Digi | Connectport Lts 16 Mei 2Ac | - |
| Digi | Connectport Lts 32 | - |
| Digi | Connectport Lts 32 Mei | - |
| Digi | Connectport Lts 8 Mei | - |
Related Weaknesses (CWE)
References
- https://www.digi.com/getattachment/Resources/Security/Alerts/Digi-ConnectPort-LTVendor Advisory
- https://www.digi.com/resources/documentation/digidocs/pdfs/90001001.pdfProduct
- https://www.digi.com/resources/securityVendor Advisory
FAQ
What is CVE-2024-50626?
CVE-2024-50626 is a vulnerability with a CVSS score of 8.8 (HIGH). An issue was discovered in Digi ConnectPort LTS before 1.4.12. A Directory Traversal vulnerability exists in WebFS. This allows an attacker on the local area network to manipulate URLs to include trav...
How severe is CVE-2024-50626?
CVE-2024-50626 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-50626?
Check the references section above for vendor advisories and patch information. Affected products include: Digi Connectport Lts Firmware, Digi Connectport Lts 16, Digi Connectport Lts 16 Mei, Digi Connectport Lts 16 Mei 2Ac, Digi Connectport Lts 32.