CVE-2024-50626

EPSS 0.11%
Published 09.12.2024 22:15:22
Last modified 27.06.2025 16:08:05
Source cve@mitre.org
Teams watchlist Login
Open Login

An issue was discovered in Digi ConnectPort LTS before 1.4.12. A Directory Traversal vulnerability exists in WebFS. This allows an attacker on the local area network to manipulate URLs to include traversal sequences, potentially leading to unauthorized access to data.

Affected products Warnungen 0 Metrics 2 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Digi ≫ Connectport Lts Firmware Version < 1.4.12

   Digi ≫ Connectport Lts 16 Version-
   Digi ≫ Connectport Lts 16 Mei Version-
   Digi ≫ Connectport Lts 16 Mei 2ac Version-
   Digi ≫ Connectport Lts 32 Version-
   Digi ≫ Connectport Lts 32 Mei Version-
   Digi ≫ Connectport Lts 8 Mei Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.11%	0.293

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.8	2.8	5.9	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

https://www.digi.com/resources/security

Vendor Advisory

https://www.digi.com/getattachment/Resources/Security/Alerts/Digi-ConnectPort-LTS-Firmware-Update/ConnectPort-LTS-KB.pdf

Vendor Advisory

https://www.digi.com/resources/documentation/digidocs/pdfs/90001001.pdf

Product

https://nvd.nist.gov/vuln/detail/CVE-2024-50626

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-50626

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-50626

EUVD