Vulnerabilities > Digi > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-31 | CVE-2023-4299 | Unspecified vulnerability in Digi products Digi RealPort Protocol is vulnerable to a replay attack that may allow an attacker to bypass authentication to access connected equipment. | 8.1 |
| 2022-04-06 | CVE-2022-26952 | Out-of-bounds Write vulnerability in Digi Passport Firmware 1.5.1.1 Digi Passport Firmware through 1.5.1,1 is affected by a buffer overflow in the function for building the Location header string when an unauthenticated user is redirected to the authentication page. | 7.5 |
| 2022-04-06 | CVE-2022-26953 | Out-of-bounds Write vulnerability in Digi Passport Firmware 1.5.1.1 Digi Passport Firmware through 1.5.1,1 is affected by a buffer overflow. | 7.5 |
| 2021-12-10 | CVE-2021-37188 | Insufficient Verification of Data Authenticity vulnerability in Digi products An issue was discovered on Digi TransPort devices through 2021-07-21. | 8.8 |
| 2021-12-10 | CVE-2021-37189 | Missing Encryption of Sensitive Data vulnerability in Digi products An issue was discovered on Digi TransPort Gateway devices through 5.2.13.4. | 7.5 |
| 2021-10-08 | CVE-2021-35979 | Missing Authentication for Critical Function vulnerability in Digi products An issue was discovered in Digi RealPort through 4.8.488.0. | 8.1 |
| 2021-02-18 | CVE-2020-12878 | Link Following vulnerability in Digi Connectport X2E Firmware Digi ConnectPort X2e before 3.2.30.6 allows an attacker to escalate privileges from the python user to root via a symlink attack that uses chown, related to /etc/init.d/S50dropbear.sh and the /WEB/python/.ssh directory. | 7.8 |
| 2020-05-21 | CVE-2017-18868 | Incorrect Default Permissions vulnerability in Digi Xbee 2 Firmware Digi XBee 2 devices do not have an effective protection mechanism against remote AT commands, because of issues related to the network stack upon which the ZigBee protocol is built. | 7.7 |