Vulnerabilities > Digi
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2021-10-08 | CVE-2021-36767 | Use of Password Hash With Insufficient Computational Effort vulnerability in Digi products | In Digi RealPort through 4.10.490, authentication relies on a challenge-response mechanism that gives access to the server password, making the protection ineffective. | 9.8 |
2021-09-17 | CVE-2021-38412 | Missing Authentication for Critical Function vulnerability in Digi Portserver TS 16 Firmware 82000684/82000685 | Properly formatted POST requests to multiple resources on the HTTP and HTTPS web servers of the Digi PortServer TS 16 Rack device do not require authentication or authentication tokens. | 9.8 |
2021-02-18 | CVE-2020-12878 | Link Following vulnerability in Digi Connectport X2E Firmware | Digi ConnectPort X2e before 3.2.30.6 allows an attacker to escalate privileges from the python user to root via a symlink attack that uses chown, related to /etc/init.d/S50dropbear.sh and the /WEB/python/.ssh directory. | 7.8 |
2020-06-02 | CVE-2020-10136 | Authentication Bypass by Spoofing vulnerability in multiple products | IP-in-IP protocol specifies IP Encapsulation within IP standard (RFC 2003, STD 1) that decapsulate and route IP-in-IP traffic is vulnerable to spoofing, access-control bypass and other unexpected behavior due to the lack of validation to verify network packets before decapsulation and routing. | 5.3 |
2020-05-21 | CVE-2017-18868 | Incorrect Default Permissions vulnerability in Digi Xbee 2 Firmware | Digi XBee 2 devices do not have an effective protection mechanism against remote AT commands, because of issues related to the network stack upon which the ZigBee protocol is built. | 7.7 |
2020-02-13 | CVE-2020-6973 | Cross-site Scripting vulnerability in Digi products | Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (82002228_K 08/09/2018), bios Version 1.2. | 6.2 |
2020-02-12 | CVE-2020-6975 | Unrestricted Upload of File with Dangerous Type vulnerability in Digi products | Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (82002228_K 08/09/2018), bios Version 1.2. | 4.9 |
2020-02-10 | CVE-2020-8822 | Cross-site Scripting vulnerability in Digi Transport Wr21 Firmware and Transport Wr44 Firmware | Digi TransPort WR21 5.2.2.3, WR44 5.1.6.4, and WR44v2 5.1.6.9 devices allow stored XSS in the web application. | 4.8 |
2020-01-09 | CVE-2019-18859 | Cross-site Scripting vulnerability in Digi Anywhereusb/14 Firmware 1.93.21.19 | Digi AnywhereUSB 14 allows XSS via a link for the Digi Page. | 6.1 |
2019-03-21 | CVE-2018-20162 | Improper Input Validation vulnerability in Digi Transport Lr54 Firmware 4.3.2.24 | Digi TransPort LR54 4.4.0.26 and possible earlier devices have Improper Input Validation that allows users with 'super' CLI access privileges to bypass a restricted shell and execute arbitrary commands as root. | 9.9 |