Vulnerabilities > Digi
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-08-31 | CVE-2023-4299 | Use of Password Hash Instead of Password for Authentication vulnerability in Digi products Digi RealPort Protocol is vulnerable to a replay attack that may allow an attacker to bypass authentication to access connected equipment. | 8.1 |
2022-04-06 | CVE-2022-26952 | Out-of-bounds Write vulnerability in Digi Passport Firmware Digi Passport Firmware through 1.5.1,1 is affected by a buffer overflow in the function for building the Location header string when an unauthenticated user is redirected to the authentication page. | 5.0 |
2022-04-06 | CVE-2022-26953 | Out-of-bounds Write vulnerability in Digi Passport Firmware Digi Passport Firmware through 1.5.1,1 is affected by a buffer overflow. | 5.0 |
2021-12-10 | CVE-2021-35978 | Command Injection vulnerability in Digi products An issue was discovered in Digi TransPort DR64, SR44 VC74, and WR. | 10.0 |
2021-12-10 | CVE-2021-37187 | Insufficiently Protected Credentials vulnerability in Digi products An issue was discovered on Digi TransPort devices through 2021-07-21. | 4.0 |
2021-12-10 | CVE-2021-37188 | Insufficient Verification of Data Authenticity vulnerability in Digi products An issue was discovered on Digi TransPort devices through 2021-07-21. | 6.5 |
2021-12-10 | CVE-2021-37189 | Missing Encryption of Sensitive Data vulnerability in Digi products An issue was discovered on Digi TransPort Gateway devices through 5.2.13.4. | 5.0 |
2021-10-08 | CVE-2021-35977 | Classic Buffer Overflow vulnerability in Digi products An issue was discovered in Digi RealPort for Windows through 4.8.488.0. | 9.8 |
2021-10-08 | CVE-2021-35979 | Missing Authentication for Critical Function vulnerability in Digi products An issue was discovered in Digi RealPort through 4.8.488.0. | 8.1 |
2021-10-08 | CVE-2021-36767 | Use of Password Hash With Insufficient Computational Effort vulnerability in Digi products In Digi RealPort through 4.10.490, authentication relies on a challenge-response mechanism that gives access to the server password, making the protection ineffective. | 9.8 |