CVE-2024-50625 identifies a critical vulnerability in the Digi ConnectPort LTS product line before version 1.4.12. The root cause is an insecure file upload handling mechanism within the device's embedded web application. Specifically, the vulnerability allows an attacker to manipulate file paths through crafted POST requests during file upload operations. This path manipulation can result in arbitrary files being uploaded into unintended directories on the device's filesystem. Such unauthorized file placement can facilitate privilege escalation, especially when combined with other existing vulnerabilities or misconfigurations, potentially allowing attackers to execute arbitrary code or disrupt device operations. The vulnerability is classified under CWE-434 (Unrestricted Upload of File with Dangerous Type). The CVSS v3.1 base score is 8.0, reflecting high impact on confidentiality, integrity, and availability, with an attack vector requiring adjacent network access (AV:A), low attack complexity (AC:L), and privileges required (PR:L) but no user interaction (UI:N). The vulnerability was reserved on 2024-10-28 and published on 2024-12-09. No patches are linked yet, and no exploits are known in the wild, indicating the need for proactive mitigation. The Digi ConnectPort LTS devices are commonly used in industrial IoT and embedded applications, making this vulnerability particularly concerning for critical infrastructure and industrial sectors.

The vulnerability poses a significant risk to organizations using Digi ConnectPort LTS devices, especially in industrial, manufacturing, and critical infrastructure environments. Successful exploitation can lead to arbitrary file uploads, enabling attackers to place malicious files or scripts in sensitive directories. This can result in privilege escalation, allowing attackers to gain higher-level access, execute arbitrary code, or disrupt device functionality. The compromise of these devices can lead to loss of confidentiality of sensitive operational data, integrity breaches affecting device configurations or firmware, and availability issues causing operational downtime. Given the low complexity and absence of user interaction, attackers with limited privileges but network adjacency can exploit this vulnerability, increasing the attack surface. The lack of known exploits currently provides a window for remediation before widespread exploitation occurs. However, the strategic importance of affected devices in industrial control systems elevates the potential impact globally.

1. Immediately upgrade Digi ConnectPort LTS devices to version 1.4.12 or later once available to apply official patches addressing this vulnerability. 2. Until patches are released, restrict network access to the device's management interfaces to trusted administrators only, preferably via VPN or secure management networks. 3. Implement strict access controls and authentication mechanisms to limit user privileges, minimizing the risk posed by low-privilege attackers. 4. Monitor web application logs for unusual POST requests or file upload activities that could indicate exploitation attempts. 5. Employ network segmentation to isolate Digi ConnectPort LTS devices from general enterprise networks and the internet. 6. Use application-layer firewalls or web application firewalls (WAFs) capable of detecting and blocking malicious file upload patterns. 7. Conduct regular security audits and vulnerability assessments on IoT and embedded devices to identify and remediate similar issues proactively. 8. Develop incident response plans specific to IoT device compromise scenarios to enable rapid containment and recovery.