Vulnerability Description
An issue was discovered in the web services of Digi ConnectPort LTS before 1.4.12. It allows an attacker on the local area network to achieve unauthorized manipulation of resources, which may lead to remote code execution when combined with other issues.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Digi | Connectport Lts Firmware | < 1.4.12 |
| Digi | Connectport Lts 16 | - |
| Digi | Connectport Lts 16 Mei | - |
| Digi | Connectport Lts 16 Mei 2Ac | - |
| Digi | Connectport Lts 32 | - |
| Digi | Connectport Lts 32 Mei | - |
| Digi | Connectport Lts 8 Mei | - |
Related Weaknesses (CWE)
References
- https://www.digi.com/getattachment/Resources/Security/Alerts/Digi-ConnectPort-LTVendor Advisory
- https://www.digi.com/resources/documentation/digidocs/pdfs/90001001.pdfProduct
- https://www.digi.com/resources/securityVendor Advisory
FAQ
What is CVE-2024-50628?
CVE-2024-50628 is a vulnerability with a CVSS score of 8.8 (HIGH). An issue was discovered in the web services of Digi ConnectPort LTS before 1.4.12. It allows an attacker on the local area network to achieve unauthorized manipulation of resources, which may lead to ...
How severe is CVE-2024-50628?
CVE-2024-50628 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-50628?
Check the references section above for vendor advisories and patch information. Affected products include: Digi Connectport Lts Firmware, Digi Connectport Lts 16, Digi Connectport Lts 16 Mei, Digi Connectport Lts 16 Mei 2Ac, Digi Connectport Lts 32.