8.8
CVE-2024-50626
- EPSS 0.11%
- Veröffentlicht 09.12.2024 22:15:22
- Zuletzt bearbeitet 27.06.2025 16:08:05
- Quelle cve@mitre.org
- Teams Watchlist Login
- Unerledigt Login
An issue was discovered in Digi ConnectPort LTS before 1.4.12. A Directory Traversal vulnerability exists in WebFS. This allows an attacker on the local area network to manipulate URLs to include traversal sequences, potentially leading to unauthorized access to data.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Digi ≫ Connectport Lts Firmware Version < 1.4.12
Digi ≫ Connectport Lts 16 Version-
Digi ≫ Connectport Lts 16 Mei Version-
Digi ≫ Connectport Lts 16 Mei 2ac Version-
Digi ≫ Connectport Lts 32 Version-
Digi ≫ Connectport Lts 32 Mei Version-
Digi ≫ Connectport Lts 8 Mei Version-
Digi ≫ Connectport Lts 16 Mei Version-
Digi ≫ Connectport Lts 16 Mei 2ac Version-
Digi ≫ Connectport Lts 32 Version-
Digi ≫ Connectport Lts 32 Mei Version-
Digi ≫ Connectport Lts 8 Mei Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.11% | 0.293 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.