CVE-2020-12878

Digi ConnectPort X2e before 3.2.30.6 allows an attacker to escalate privileges from the python user to root via a symlink attack that uses chown, related to /etc/init.d/S50dropbear.sh and the /WEB/python/.ssh directory.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:digi:connectport_x2e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:digi:connectport_x2e:-:*:*:*:*:*:*:*

Information

Published : 2021-02-17 16:15

Updated : 2021-02-26 08:04


NVD link : CVE-2020-12878

Mitre link : CVE-2020-12878


JSON object : View

CWE
CWE-59

Improper Link Resolution Before File Access ('Link Following')

Advertisement

dedicated server usa

Products Affected

digi

  • connectport_x2e
  • connectport_x2e_firmware