Vulnerabilities > Digi > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-10 | CVE-2021-35978 | Command Injection vulnerability in Digi products An issue was discovered in Digi TransPort DR64, SR44 VC74, and WR. | 10.0 |
| 2021-10-08 | CVE-2021-35977 | Classic Buffer Overflow vulnerability in Digi products An issue was discovered in Digi RealPort for Windows through 4.8.488.0. | 9.8 |
| 2021-10-08 | CVE-2021-36767 | Use of Password Hash With Insufficient Computational Effort vulnerability in Digi products In Digi RealPort through 4.10.490, authentication relies on a challenge-response mechanism that gives access to the server password, making the protection ineffective. | 9.8 |
| 2021-09-17 | CVE-2021-38412 | Missing Authentication for Critical Function vulnerability in Digi Portserver TS 16 Firmware 82000684/82000685 Properly formatted POST requests to multiple resources on the HTTP and HTTPS web servers of the Digi PortServer TS 16 Rack device do not require authentication or authentication tokens. | 9.8 |
| 2019-03-21 | CVE-2018-20162 | Improper Input Validation vulnerability in Digi Transport Lr54 Firmware 4.3.2.24 Digi TransPort LR54 4.4.0.26 and possible earlier devices have Improper Input Validation that allows users with 'super' CLI access privileges to bypass a restricted shell and execute arbitrary commands as root. | 9.0 |