CVE-2024-50627

HIGH

Digi Connectport Lts Firmware < 1.4.12 - Privilege Escalation

Title source: rule

Description

An issue was discovered in Digi ConnectPort LTS before 1.4.12. A Privilege Escalation vulnerability exists in the file upload feature. It allows an attacker on the local area network (with specific permissions) to upload and execute malicious files, potentially leading to unauthorized system access.

References (3)

[Vendor Advisory] https://www.digi.com/getattachment/Resources/Security/Alerts/Digi-ConnectPort-LTS-Firmware-Update/ConnectPort-LTS-KB.pdf

[Product] https://www.digi.com/resources/documentation/digidocs/pdfs/90001001.pdf

[Vendor Advisory] https://www.digi.com/resources/security

Scores

CVSS v3 8.8

EPSS 0.0017

EPSS Percentile 38.1%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-552

Status published

Products (1)

digi/connectport_lts_firmware < 1.4.12

Published Dec 09, 2024

Tracked Since Feb 18, 2026