Vulnerabilities > Digi

DATE CVE VULNERABILITY TITLE RISK
2022-04-06 CVE-2022-26952 Out-of-bounds Write vulnerability in Digi Passport Firmware
Digi Passport Firmware through 1.5.1,1 is affected by a buffer overflow in the function for building the Location header string when an unauthenticated user is redirected to the authentication page.
network
low complexity
digi CWE-787
5.0
2022-04-06 CVE-2022-26953 Out-of-bounds Write vulnerability in Digi Passport Firmware
Digi Passport Firmware through 1.5.1,1 is affected by a buffer overflow.
network
low complexity
digi CWE-787
5.0
2021-12-10 CVE-2021-35978 Command Injection vulnerability in Digi products
An issue was discovered in Digi TransPort DR64, SR44 VC74, and WR.
network
low complexity
digi CWE-77
critical
10.0
2021-12-10 CVE-2021-37187 Insufficiently Protected Credentials vulnerability in Digi products
An issue was discovered on Digi TransPort devices through 2021-07-21.
network
low complexity
digi CWE-522
4.0
2021-12-10 CVE-2021-37188 Inadequate Encryption Strength vulnerability in Digi products
An issue was discovered on Digi TransPort devices through 2021-07-21.
network
low complexity
digi CWE-326
6.5
2021-12-10 CVE-2021-37189 Missing Encryption of Sensitive Data vulnerability in Digi products
An issue was discovered on Digi TransPort Gateway devices through 5.2.13.4.
network
low complexity
digi CWE-311
5.0
2021-10-08 CVE-2021-35977 Classic Buffer Overflow vulnerability in Digi products
An issue was discovered in Digi RealPort for Windows through 4.8.488.0.
network
low complexity
digi CWE-120
7.5
2021-10-08 CVE-2021-35979 Improper Authentication vulnerability in Digi products
An issue was discovered in Digi RealPort through 4.8.488.0.
network
digi CWE-287
6.8
2021-10-08 CVE-2021-36767 Use of Password Hash With Insufficient Computational Effort vulnerability in Digi products
In Digi RealPort through 4.10.490, authentication relies on a challenge-response mechanism that gives access to the server password, making the protection ineffective.
network
low complexity
digi CWE-916
7.5
2021-09-17 CVE-2021-38412 Improper Authentication vulnerability in Digi Portserver TS 16 Firmware 82000684/82000685
Properly formatted POST requests to multiple resources on the HTTP and HTTPS web servers of the Digi PortServer TS 16 Rack device do not require authentication or authentication tokens.
network
low complexity
digi CWE-287
7.5