Digi ConnectPort X2e before 3.2.30.6 allows an attacker to escalate privileges from the python user to root via a symlink attack that uses chown, related to /etc/init.d/S50dropbear.sh and the /WEB/python/.ssh directory.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-02-17T23:07:11

Updated: 2024-08-04T12:11:18.998Z

Reserved: 2020-05-14T00:00:00

Link: CVE-2020-12878

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2021-02-18T00:15:17.263

Modified: 2021-02-26T16:04:34.860

Link: CVE-2020-12878

cve-icon Redhat

No data.