VYPR

ConnectPort LTS

by Digi International Inc

CVEs (7)

  • CVE-2024-50628Dec 9, 2024
    risk 0.00cvss epss 0.00

    An issue was discovered in the web services of Digi ConnectPort LTS before 1.4.12. It allows an attacker on the local area network to achieve unauthorized manipulation of resources, which may lead to remote code execution when combined with other issues.

  • CVE-2024-50626Dec 9, 2024
    risk 0.00cvss epss 0.01

    An issue was discovered in Digi ConnectPort LTS before 1.4.12. A Directory Traversal vulnerability exists in WebFS. This allows an attacker on the local area network to manipulate URLs to include traversal sequences, potentially leading to unauthorized access to data.

  • CVE-2024-50627Dec 9, 2024
    risk 0.00cvss epss 0.00

    An issue was discovered in Digi ConnectPort LTS before 1.4.12. A Privilege Escalation vulnerability exists in the file upload feature. It allows an attacker on the local area network (with specific permissions) to upload and execute malicious files, potentially leading to…

  • CVE-2024-50625Dec 9, 2024
    risk 0.00cvss epss 0.00

    An issue was discovered in Digi ConnectPort LTS before 1.4.12. A vulnerability in the file upload handling of a web application allows manipulation of file paths via POST requests. This can lead to arbitrary file uploads within specific directories, potentially enabling…

  • CVE-2022-2634Aug 9, 2022
    risk 0.00cvss epss 0.01

    An attacker may be able to execute malicious actions due to the lack of device access protections and device permissions when using the web application. This could lead to uploading python files which can be later executed.

  • CVE-2020-9306Feb 17, 2021
    risk 0.00cvss epss 0.01

    Tesla SolarCity Solar Monitoring Gateway through 5.46.43 has a "Use of Hard-coded Credentials" issue because Digi ConnectPort X2e uses a .pyc file to store the cleartext password for the python user account.

  • CVE-2020-12878Feb 17, 2021
    risk 0.00cvss epss 0.01

    Digi ConnectPort X2e before 3.2.30.6 allows an attacker to escalate privileges from the python user to root via a symlink attack that uses chown, related to /etc/init.d/S50dropbear.sh and the /WEB/python/.ssh directory.