VYPR

ConnectPort X2e

by Digi International Inc

CVEs (2)

  • CVE-2020-9306HigFeb 18, 2021
    risk 0.57cvss 8.8epss 0.01

    Tesla SolarCity Solar Monitoring Gateway through 5.46.43 has a "Use of Hard-coded Credentials" issue because Digi ConnectPort X2e uses a .pyc file to store the cleartext password for the python user account.

  • CVE-2020-12878HigFeb 18, 2021
    risk 0.51cvss 7.8epss 0.01

    Digi ConnectPort X2e before 3.2.30.6 allows an attacker to escalate privileges from the python user to root via a symlink attack that uses chown, related to /etc/init.d/S50dropbear.sh and the /WEB/python/.ssh directory.