digi

Top products

The 15 most recently published vulnerabilities affecting digi.

• CVE-2024-50628An issue was discovered in the web services of Digi ConnectPort LTS before 1.4.12. It allows an attacker on the local area network to achieve unauthorized manipulation of resources, which may lead ...8.8Dec 9, 2024
• CVE-2024-50627An issue was discovered in Digi ConnectPort LTS before 1.4.12. A Privilege Escalation vulnerability exists in the file upload feature. It allows an attacker on the local area network (with specific...8.8Dec 9, 2024
• CVE-2024-50626An issue was discovered in Digi ConnectPort LTS before 1.4.12. A Directory Traversal vulnerability exists in WebFS. This allows an attacker on the local area network to manipulate URLs to include t...8.8Dec 9, 2024
• CVE-2024-50625An issue was discovered in Digi ConnectPort LTS before 1.4.12. A vulnerability in the file upload handling of a web application allows manipulation of file paths via POST requests. This can lead to...8.0Dec 9, 2024
• CVE-2023-4299Digi RealPort Protocol Use of Password Hash Instead of Password for Authentication9.0Aug 31, 2023
• CVE-2022-2634Digi ConnectPort X2D10.0Aug 9, 2022
• CVE-2022-26952Digi Passport Firmware through 1.5.1,1 is affected by a buffer overflow in the function for building the Location header string when an unauthenticated user is redirected to the authentication page.7.5Apr 6, 2022
• CVE-2022-26953Digi Passport Firmware through 1.5.1,1 is affected by a buffer overflow. An attacker can supply a string in the page parameter for reboot.asp endpoint, allowing him to force an overflow when the st...7.5Apr 6, 2022
• CVE-2021-37189An issue was discovered on Digi TransPort Gateway devices through 5.2.13.4. They do not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send th...7.5Dec 10, 2021
• CVE-2021-37188An issue was discovered on Digi TransPort devices through 2021-07-21. An authenticated attacker may load customized firmware (because the bootloader does not verify that it is authentic), changing ...8.8Dec 10, 2021
• CVE-2021-37187An issue was discovered on Digi TransPort devices through 2021-07-21. An authenticated attacker may read a password file (with reversible passwords) from the device, which allows decoding of other ...6.5Dec 10, 2021
• CVE-2021-35978An issue was discovered in Digi TransPort DR64, SR44 VC74, and WR. The ZING protocol allows arbitrary remote command execution with SUPER privileges. This allows an attacker (with knowledge of the ...9.8Dec 10, 2021
• CVE-2021-36767In Digi RealPort through 4.10.490, authentication relies on a challenge-response mechanism that gives access to the server password, making the protection ineffective. An attacker may send an unaut...9.8Oct 8, 2021
• CVE-2021-35979An issue was discovered in Digi RealPort through 4.8.488.0. The 'encrypted' mode is vulnerable to man-in-the-middle attacks and does not perform authentication.8.1Oct 8, 2021
• CVE-2021-35977An issue was discovered in Digi RealPort for Windows through 4.8.488.0. A buffer overflow exists in the handling of ADDP discovery response messages. This could result in arbitrary code execution.9.8Oct 8, 2021