CVE-2022-26953 - Out-of-bounds Write vulnerability in Digi Passport Firmware 1.5.1.1
Metric | Value |
---|---|
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | NONE |
Availability impact | HIGH |

Summary
Digi Passport Firmware through 1.5.1.1 is affected by a buffer overflow. An attacker can supply a string in the page parameter of the reboot.asp endpoint, forcing an overflow when the string is concatenated to the HTML body.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | | 2 |
Hardware | | 1 |
Common Weakness Enumeration (CWE)
References
- https://github.com/X-C3LL/PoC-CVEs/blob/master/CVE-2022-26952%20%26%20CVE-2022-26953/readme.md
- https://hub.digi.com/dp/path=/support/asset/digi-passport-1.5.2-firmware-release-notes/
- https://hub.digi.com/support/products/infrastructure-management/digi-passport/