Digi ConnectPort X2e prior to 3.2.30.6 allows an malicious user to escalate privileges from the python user to root via a symlink attack that uses chown, related to /etc/init.d/S50dropbear.sh and the /WEB/python/.ssh directory.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
digi connectport_x2e_firmware |