Description
An attacker may be able to execute malicious actions due to the lack of device access protections and device permissions when using the web application. This could lead to uploading python files which can be later executed.
Scores
CVSS v3
10.0
EPSS
0.0026
EPSS Percentile
49.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-250
Status
published
Products (1)
digi/connectport_x2d_firmware
< 2020-01-01
Published
Aug 10, 2022
Tracked Since
Feb 18, 2026