Login Sign Up

CVE-2024-50627

8.8 HIGH

📋 TL;DR

A privilege escalation vulnerability in Digi ConnectPort LTS devices allows authenticated local network attackers to upload and execute malicious files, potentially gaining full system control. This affects organizations using ConnectPort LTS gateways with firmware versions before 1.4.12. Attackers need specific permissions but can bypass intended restrictions.

💻 Affected Systems

Products:
  • Digi ConnectPort LTS
Versions: All versions before 1.4.12
Operating Systems: Embedded Linux-based firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Requires attacker to have specific permissions on the local network; not exploitable from the internet by default.

📦 What is this software?

Connectport Lts Firmware by Digi

View all CVEs affecting Connectport Lts Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise allowing attacker to install persistent backdoors, steal credentials, pivot to other network segments, or disrupt industrial operations.

🟠

Likely Case

Unauthorized administrative access to the device, enabling configuration changes, data exfiltration, or using the device as a foothold for lateral movement.

🟢

If Mitigated

Limited impact if network segmentation prevents LAN access and file uploads are restricted through additional controls.

🌐 Internet-Facing: LOW
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires authenticated access with specific permissions; file upload and execution chain needed for full exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.4.12

Vendor Advisory: https://www.digi.com/resources/security

Restart Required: Yes

Instructions:

1. Download firmware 1.4.12 from Digi support portal. 2. Backup current configuration. 3. Upload firmware via web interface. 4. Apply update and restart device. 5. Verify version shows 1.4.12.

🔧 Temporary Workarounds

Restrict network access

all

Limit device access to authorized management networks only using firewall rules.

Disable unnecessary file uploads

all

Remove file upload permissions for non-admin users if supported by configuration.

🧯 If You Can't Patch

  • Segment ConnectPort LTS devices on isolated VLANs with strict access controls.
  • Implement network monitoring for unusual file upload activities to these devices.

🔍 How to Verify

Check if Vulnerable:

Check firmware version in web interface under System > About; versions below 1.4.12 are vulnerable.

Check Version:

No CLI command; use web interface at System > About or check via SNMP if configured.

Verify Fix Applied:

Confirm firmware version shows 1.4.12 in System > About after update.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file upload events
  • Multiple failed upload attempts followed by success
  • New executable files in system directories

Network Indicators:

  • HTTP POST requests to file upload endpoints from unexpected sources
  • Unusual outbound connections from ConnectPort device

SIEM Query:

source="connectport" AND (event="file_upload" OR url_path="/upload")

📊 Metadata

CVE ID: CVE-2024-50627
CVSS v3 Score: 8.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-552
Published: December 9, 2024
Last Updated: June 27, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-50627, you might also want to check these:

CVE-2025-41240 10.0

This critical vulnerability allows unauthenticated remote attackers to access Kubernetes secrets via...

Same vulnerability type (CWE-552)
CVE-2024-56731 10.0

This vulnerability allows unprivileged users in Gogs to delete files in the .git directory, leading ...

Same vulnerability type (CWE-552)
CVE-2024-6209 10.0

This vulnerability allows attackers to access files without authorization in ABB ASPECT-Enterprise, ...

Same vulnerability type (CWE-552)