CVE-2024-50628

HIGH

Digi ConnectPort LTS Firmware < 1.4.12 - Missing Authorization

Title source: llm
STIX 2.1

Description

An issue was discovered in the web services of Digi ConnectPort LTS before 1.4.12. It allows an attacker on the local area network to achieve unauthorized manipulation of resources, which may lead to remote code execution when combined with other issues.

Scores

CVSS v3 8.8
EPSS 0.0046
EPSS Percentile 36.8%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-862
Status published
Products (1)
digi/connectport_lts_firmware < 1.4.12
Published Dec 09, 2024
Tracked Since Feb 18, 2026