CVE-2024-50626

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-50626
An issue was discovered in Digi ConnectPort LTS before 1.4.12. A Directory Traversal vulnerability exists in WebFS. This allows an attacker on the local area network to manipulate URLs to include traversal sequences, potentially leading to unauthorized access to data.

8.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.digi.com/getattachment/Resources/Security/Alerts/Digi-ConnectPort-LTS-Firmware-Update/ConnectPort-LTS-KB.pdf Vendor Advisory
https://www.digi.com/resources/documentation/digidocs/pdfs/90001001.pdf Product
https://www.digi.com/resources/security Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:digi:connectport_lts_firmware:*:*:*:*:*:*:*:*
OR cpe:2.3:h:digi:connectport_lts_16:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:connectport_lts_16_mei:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:connectport_lts_16_mei_2ac:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:connectport_lts_32:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:connectport_lts_32_mei:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:connectport_lts_8_mei:-:*:*:*:*:*:*:*
History

No history.

Information

Published : 2024-12-09 22:15

Updated : 2025-06-27 16:08

NVD link : CVE-2024-50626

Mitre link : CVE-2024-50626

CVE.ORG link : CVE-2024-50626

JSON object : View

Products Affected

digi

  • connectport_lts_32
  • connectport_lts_16
  • connectport_lts_16_mei_2ac
  • connectport_lts_16_mei
  • connectport_lts_8_mei
  • connectport_lts_32_mei
  • connectport_lts_firmware
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')