CVE-2024-50626

{"id": "CVE-2024-50626", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2024-12-09T22:15:22.733", "references": [{"url": "https://www.digi.com/getattachment/Resources/Security/Alerts/Digi-ConnectPort-LTS-Firmware-Update/ConnectPort-LTS-KB.pdf", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.digi.com/resources/documentation/digidocs/pdfs/90001001.pdf", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://www.digi.com/resources/security", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Digi ConnectPort LTS before 1.4.12. A Directory Traversal vulnerability exists in WebFS. This allows an attacker on the local area network to manipulate URLs to include traversal sequences, potentially leading to unauthorized access to data."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en Digi ConnectPort LTS anterior a la versi\u00f3n 1.4.12. Existe una vulnerabilidad de Directory Traversal en WebFS. Esto permite que un atacante en la red de \u00e1rea local manipule las URL para incluir secuencias de recorrido, lo que puede provocar un acceso no autorizado a los datos."}], "lastModified": "2025-06-27T16:08:05.093", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:digi:connectport_lts_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "36E2B8EB-FD51-4EFD-87BC-61841B5B1372", "versionEndExcluding": "1.4.12"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:digi:connectport_lts_16:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D927F6A5-D6AA-4AEB-A7E8-CA5A3BE5ED6E"}, {"criteria": "cpe:2.3:h:digi:connectport_lts_16_mei:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BDCB83B5-1662-47D8-89E9-F64297D235A5"}, {"criteria": "cpe:2.3:h:digi:connectport_lts_16_mei_2ac:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CCF5F04A-5AE9-4C1B-8F54-820CF6673E12"}, {"criteria": "cpe:2.3:h:digi:connectport_lts_32:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6F118AD7-F6E3-4F5F-91F6-B52978C0018D"}, {"criteria": "cpe:2.3:h:digi:connectport_lts_32_mei:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E4D38E1C-90DE-4B19-9CE4-3B9116AE7AE0"}, {"criteria": "cpe:2.3:h:digi:connectport_lts_8_mei:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "78489691-DF52-45FF-BC61-7DDBCB0B56F0"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}