Vulnerabilities > Digi

DATE CVE VULNERABILITY TITLE RISK
2023-08-31 CVE-2023-4299 Use of Password Hash Instead of Password for Authentication vulnerability in Digi products
Digi RealPort Protocol is vulnerable to a replay attack that may allow an attacker to bypass authentication to access connected equipment.
network
high complexity
digi CWE-836
8.1
8.1
2022-04-06 CVE-2022-26952 Out-of-bounds Write vulnerability in Digi Passport Firmware
Digi Passport Firmware through 1.5.1,1 is affected by a buffer overflow in the function for building the Location header string when an unauthenticated user is redirected to the authentication page.
network
low complexity
digi CWE-787
5.0
5.0
2022-04-06 CVE-2022-26953 Out-of-bounds Write vulnerability in Digi Passport Firmware
Digi Passport Firmware through 1.5.1,1 is affected by a buffer overflow.
network
low complexity
digi CWE-787
5.0
5.0
2021-12-10 CVE-2021-35978 Command Injection vulnerability in Digi products
An issue was discovered in Digi TransPort DR64, SR44 VC74, and WR.
network
low complexity
digi CWE-77
critical
 10.0
10
2021-12-10 CVE-2021-37187 Insufficiently Protected Credentials vulnerability in Digi products
An issue was discovered on Digi TransPort devices through 2021-07-21.
network
low complexity
digi CWE-522
4.0
4.0
2021-12-10 CVE-2021-37188 Insufficient Verification of Data Authenticity vulnerability in Digi products
An issue was discovered on Digi TransPort devices through 2021-07-21.
network
low complexity
digi CWE-345
6.5
6.5
2021-12-10 CVE-2021-37189 Missing Encryption of Sensitive Data vulnerability in Digi products
An issue was discovered on Digi TransPort Gateway devices through 5.2.13.4.
network
low complexity
digi CWE-311
5.0
5.0
2021-10-08 CVE-2021-35977 Classic Buffer Overflow vulnerability in Digi products
An issue was discovered in Digi RealPort for Windows through 4.8.488.0.
network
low complexity
digi CWE-120
critical
 9.8
9.8
2021-10-08 CVE-2021-35979 Missing Authentication for Critical Function vulnerability in Digi products
An issue was discovered in Digi RealPort through 4.8.488.0.
network
high complexity
digi CWE-306
8.1
8.1
2021-10-08 CVE-2021-36767 Use of Password Hash With Insufficient Computational Effort vulnerability in Digi products
In Digi RealPort through 4.10.490, authentication relies on a challenge-response mechanism that gives access to the server password, making the protection ineffective.
network
low complexity
digi CWE-916
critical
 9.8
9.8