CVE-2022-26952 - Out-of-bounds Write vulnerability in Digi Passport Firmware 1.5.1.1
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: NONE
- Integrity impact: NONE
- Availability impact: HIGH

Summary
Digi Passport Firmware through 1.5.1.1 is affected by a buffer overflow in the function that builds the Location header string when an unauthenticated user is redirected to the authentication page.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | | 2 |
Hardware | | 1 |
Common Weakness Enumeration (CWE)
References
- https://github.com/X-C3LL/PoC-CVEs/blob/master/CVE-2022-26952%20%26%20CVE-2022-26953/readme.md
- https://hub.digi.com/dp/path=/support/asset/digi-passport-1.5.2-firmware-release-notes/
- https://hub.digi.com/support/products/infrastructure-management/digi-passport/