PT-2024-34365 · Digi · Digi Connectport Lts

Published: 2024-12-09 · Updated: 2025-06-27 · CVE-2024-50625

CVSS v3.1: 8.0 (High)
Vector: AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Digi ConnectPort LTS versions prior to 1.4.12
Description: A vulnerability in the file upload handling of a web application allows the file path variable to be manipulated via POST requests to API endpoints such as /file/upload. This can lead to arbitrary file uploads within specific directories, potentially enabling privilege escalation when combined with other vulnerabilities.
Recommendations: For versions prior to 1.4.12, update to version 1.4.12 or later to resolve the issue. As a temporary workaround, consider restricting access to the file upload functionality to minimize the risk of exploitation. Avoid using the file path variable in the affected API endpoint until the issue is resolved.

Fix · LPE · Unrestricted File Upload

Weakness Enumeration

Related Identifiers: CVE-2024-50625

Affected Products: Digi Connectport Lts