Vulnerability Description
An issue was discovered in Digi ConnectPort LTS before 1.4.12. A Privilege Escalation vulnerability exists in the file upload feature. It allows an attacker on the local area network (with specific permissions) to upload and execute malicious files, potentially leading to unauthorized system access.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Digi | Connectport Lts Firmware | < 1.4.12 |
| Digi | Connectport Lts 16 | - |
| Digi | Connectport Lts 16 Mei | - |
| Digi | Connectport Lts 16 Mei 2Ac | - |
| Digi | Connectport Lts 32 | - |
| Digi | Connectport Lts 32 Mei | - |
| Digi | Connectport Lts 8 Mei | - |
Related Weaknesses (CWE)
References
- https://www.digi.com/getattachment/Resources/Security/Alerts/Digi-ConnectPort-LTVendor Advisory
- https://www.digi.com/resources/documentation/digidocs/pdfs/90001001.pdfProduct
- https://www.digi.com/resources/securityVendor Advisory
FAQ
What is CVE-2024-50627?
CVE-2024-50627 is a vulnerability with a CVSS score of 8.8 (HIGH). An issue was discovered in Digi ConnectPort LTS before 1.4.12. A Privilege Escalation vulnerability exists in the file upload feature. It allows an attacker on the local area network (with specific pe...
How severe is CVE-2024-50627?
CVE-2024-50627 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-50627?
Check the references section above for vendor advisories and patch information. Affected products include: Digi Connectport Lts Firmware, Digi Connectport Lts 16, Digi Connectport Lts 16 Mei, Digi Connectport Lts 16 Mei 2Ac, Digi Connectport Lts 32.