CVE-2024-50625
📋 TL;DR
A vulnerability in Digi ConnectPort LTS devices allows attackers to manipulate file paths during uploads via POST requests, enabling arbitrary file uploads to specific directories. This could lead to privilege escalation when combined with other vulnerabilities. Affected are all ConnectPort LTS devices running firmware versions before 1.4.12.
💻 Affected Systems
- Digi ConnectPort LTS
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise through privilege escalation leading to complete device control, data exfiltration, and use as a pivot point into internal networks.
Likely Case
Unauthorized file uploads allowing web shell deployment, configuration modification, or persistence mechanisms on the device.
If Mitigated
Limited impact with proper network segmentation, file integrity monitoring, and restricted administrative access.
🎯 Exploit Status
Exploitation requires access to the web interface and knowledge of the vulnerability. No public exploit code is currently available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.4.12
Vendor Advisory: https://www.digi.com/getattachment/Resources/Security/Alerts/Digi-ConnectPort-LTS-Firmware-Update/ConnectPort-LTS-KB.pdf
Restart Required: Yes
Instructions:
1. Download firmware version 1.4.12 from Digi's support portal. 2. Log into the ConnectPort LTS web interface. 3. Navigate to System > Firmware Update. 4. Upload the new firmware file. 5. Wait for the update to complete and the device to reboot.
🔧 Temporary Workarounds
Disable Web Interface
allDisable the web management interface if not required for operations
Network Access Control
allRestrict access to the web interface using firewall rules or network segmentation
🧯 If You Can't Patch
- Implement strict network segmentation to isolate ConnectPort LTS devices from critical networks
- Enable file integrity monitoring on the device to detect unauthorized file uploads
🔍 How to Verify
Check if Vulnerable:
Check the firmware version in the web interface under System > Status. If version is below 1.4.12, the device is vulnerable.Check Version:
No CLI command available. Must use web interface at System > Status page.Verify Fix Applied:
After updating, verify the firmware version shows 1.4.12 or higher in System > Status.📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to file upload endpoints
- Multiple failed upload attempts followed by successful uploads
- New files appearing in web-accessible directories
Network Indicators:
- HTTP POST requests to upload endpoints with unusual file extensions or paths
- Traffic to unexpected ports from the device
SIEM Query:
source="connectport-lts" AND (http_method="POST" AND uri_path CONTAINS "upload")