PT-2024-34368 · Digi · Digi Connectport Lts
Published
2024-12-09
·
Updated
2025-06-27
·
CVE-2024-50628
CVSS v3.1
8.8
High
| Vector | AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Digi ConnectPort LTS versions prior to 1.4.12
Description:
An issue was discovered in the web services of Digi ConnectPort LTS, allowing an attacker on the local area network to achieve unauthorized manipulation of resources. This may lead to remote code execution when combined with other issues.
Recommendations:
For Digi ConnectPort LTS versions prior to 1.4.12, update to version 1.4.12 or later to resolve the issue. As a temporary workaround, consider restricting access to the web services to minimize the risk of exploitation.
Fix
RCE
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Digi Connectport Lts