CVE-2024-50628

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-50628
An issue was discovered in the web services of Digi ConnectPort LTS before 1.4.12. It allows an attacker on the local area network to achieve unauthorized manipulation of resources, which may lead to remote code execution when combined with other issues.

8.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.digi.com/getattachment/Resources/Security/Alerts/Digi-ConnectPort-LTS-Firmware-Update/ConnectPort-LTS-KB.pdf Vendor Advisory
https://www.digi.com/resources/documentation/digidocs/pdfs/90001001.pdf Product
https://www.digi.com/resources/security Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:digi:connectport_lts_firmware:*:*:*:*:*:*:*:*
OR cpe:2.3:h:digi:connectport_lts_16:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:connectport_lts_16_mei:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:connectport_lts_16_mei_2ac:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:connectport_lts_32:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:connectport_lts_32_mei:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:connectport_lts_8_mei:-:*:*:*:*:*:*:*
History

27 Jun 2025, 16:06

Type Values Removed Values Added
References () https://www.digi.com/getattachment/Resources/Security/Alerts/Digi-ConnectPort-LTS-Firmware-Update/ConnectPort-LTS-KB.pdf - () https://www.digi.com/getattachment/Resources/Security/Alerts/Digi-ConnectPort-LTS-Firmware-Update/ConnectPort-LTS-KB.pdf - Vendor Advisory
References () https://www.digi.com/resources/documentation/digidocs/pdfs/90001001.pdf - () https://www.digi.com/resources/documentation/digidocs/pdfs/90001001.pdf - Product
References () https://www.digi.com/resources/security - () https://www.digi.com/resources/security - Vendor Advisory
CPE cpe:2.3:h:digi:connectport_lts_32:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:connectport_lts_16:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:connectport_lts_16_mei_2ac:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:connectport_lts_16_mei:-:*:*:*:*:*:*:*
cpe:2.3:o:digi:connectport_lts_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:digi:connectport_lts_32_mei:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:connectport_lts_8_mei:-:*:*:*:*:*:*:*
First Time Digi connectport Lts 32 Mei
Digi connectport Lts 32
Digi connectport Lts Firmware
Digi
Digi connectport Lts 16 Mei
Digi connectport Lts 16
Digi connectport Lts 8 Mei
Digi connectport Lts 16 Mei 2ac

11 Dec 2024, 17:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 8.8
Summary
  • (es) Se descubrió un problema en los servicios web de Digi ConnectPort LTS antes de la versión 1.4.12. Este problema permite que un atacante en la red de área local realice una manipulación no autorizada de los recursos, lo que puede provocar la ejecución remota de código cuando se combina con otros problemas.
CWE CWE-862

09 Dec 2024, 22:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-12-09 22:15

Updated : 2025-06-27 16:06

NVD link : CVE-2024-50628

Mitre link : CVE-2024-50628

CVE.ORG link : CVE-2024-50628

JSON object : View

Products Affected

digi

  • connectport_lts_16_mei
  • connectport_lts_8_mei
  • connectport_lts_firmware
  • connectport_lts_32_mei
  • connectport_lts_16
  • connectport_lts_32
  • connectport_lts_16_mei_2ac
CWE
CWE-862

Missing Authorization