CVE-2024-50626

An issue was discovered in Digi ConnectPort LTS before 1.4.12. A Directory Traversal vulnerability exists in WebFS. This allows an attacker on the local area network to manipulate URLs to include traversal sequences, potentially leading to unauthorized access to data.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.digi.com/getattachment/Resources/Security/Alerts/Digi-ConnectPort-LTS-Firmware-Update/ConnectPort-LTS-KB.pdf	Vendor Advisory
https://www.digi.com/resources/documentation/digidocs/pdfs/90001001.pdf	Product
https://www.digi.com/resources/security	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:digi:connectport_lts_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:digi:connectport_lts_16:-:::::::*
	cpe:2.3:h:digi:connectport_lts_16_mei:-:::::::*
	cpe:2.3:h:digi:connectport_lts_16_mei_2ac:-:::::::*
	cpe:2.3:h:digi:connectport_lts_32:-:::::::*
	cpe:2.3:h:digi:connectport_lts_32_mei:-:::::::*
	cpe:2.3:h:digi:connectport_lts_8_mei:-:::::::*

History

27 Jun 2025, 16:08

Type	Values Removed	Values Added
First Time		Digi Digi connectport Lts 32 Mei Digi connectport Lts 16 Mei Digi connectport Lts 16 Mei 2ac Digi connectport Lts 32 Digi connectport Lts 8 Mei Digi connectport Lts Firmware Digi connectport Lts 16
References	~~() https://www.digi.com/getattachment/Resources/Security/Alerts/Digi-ConnectPort-LTS-Firmware-Update/ConnectPort-LTS-KB.pdf -~~	() https://www.digi.com/getattachment/Resources/Security/Alerts/Digi-ConnectPort-LTS-Firmware-Update/ConnectPort-LTS-KB.pdf - Vendor Advisory
References	~~() https://www.digi.com/resources/documentation/digidocs/pdfs/90001001.pdf -~~	() https://www.digi.com/resources/documentation/digidocs/pdfs/90001001.pdf - Product
References	~~() https://www.digi.com/resources/security -~~	() https://www.digi.com/resources/security - Vendor Advisory
CPE		cpe:2.3:h:digi:connectport_lts_16_mei_2ac:-:::::::* cpe:2.3:h:digi:connectport_lts_8_mei:-:::::::* cpe:2.3:h:digi:connectport_lts_16:-:::::::* cpe:2.3:h:digi:connectport_lts_32:-:::::::* cpe:2.3:o:digi:connectport_lts_firmware:::::::: cpe:2.3:h:digi:connectport_lts_32_mei:-:::::::* cpe:2.3:h:digi:connectport_lts_16_mei:-:::::::*

12 Dec 2024, 02:06

Type	Values Removed	Values Added
CWE		CWE-22
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 8.8
Summary		(es) Se descubrió un problema en Digi ConnectPort LTS anterior a la versión 1.4.12. Existe una vulnerabilidad de Directory Traversal en WebFS. Esto permite que un atacante en la red de área local manipule las URL para incluir secuencias de recorrido, lo que puede provocar un acceso no autorizado a los datos.

09 Dec 2024, 22:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-12-09 22:15

Updated : 2025-06-27 16:08

NVD link : CVE-2024-50626

Mitre link : CVE-2024-50626

CVE.ORG link : CVE-2024-50626

JSON object : View

Products Affected

digi

connectport_lts_firmware
connectport_lts_32_mei
connectport_lts_8_mei
connectport_lts_32
connectport_lts_16_mei_2ac
connectport_lts_16
connectport_lts_16_mei

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2024-50626", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2024-12-09T22:15:22.733", "references": [{"url": "https://www.digi.com/getattachment/Resources/Security/Alerts/Digi-ConnectPort-LTS-Firmware-Update/ConnectPort-LTS-KB.pdf", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.digi.com/resources/documentation/digidocs/pdfs/90001001.pdf", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://www.digi.com/resources/security", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Digi ConnectPort LTS before 1.4.12. A Directory Traversal vulnerability exists in WebFS. This allows an attacker on the local area network to manipulate URLs to include traversal sequences, potentially leading to unauthorized access to data."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en Digi ConnectPort LTS anterior a la versi\u00f3n 1.4.12. Existe una vulnerabilidad de Directory Traversal en WebFS. Esto permite que un atacante en la red de \u00e1rea local manipule las URL para incluir secuencias de recorrido, lo que puede provocar un acceso no autorizado a los datos."}], "lastModified": "2025-06-27T16:08:05.093", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:digi:connectport_lts_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "36E2B8EB-FD51-4EFD-87BC-61841B5B1372", "versionEndExcluding": "1.4.12"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:digi:connectport_lts_16:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D927F6A5-D6AA-4AEB-A7E8-CA5A3BE5ED6E"}, {"criteria": "cpe:2.3:h:digi:connectport_lts_16_mei:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BDCB83B5-1662-47D8-89E9-F64297D235A5"}, {"criteria": "cpe:2.3:h:digi:connectport_lts_16_mei_2ac:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CCF5F04A-5AE9-4C1B-8F54-820CF6673E12"}, {"criteria": "cpe:2.3:h:digi:connectport_lts_32:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6F118AD7-F6E3-4F5F-91F6-B52978C0018D"}, {"criteria": "cpe:2.3:h:digi:connectport_lts_32_mei:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E4D38E1C-90DE-4B19-9CE4-3B9116AE7AE0"}, {"criteria": "cpe:2.3:h:digi:connectport_lts_8_mei:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "78489691-DF52-45FF-BC61-7DDBCB0B56F0"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}

8.8 /10