Vulnerabilities > Digi > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-06 | CVE-2022-26952 | Out-of-bounds Write vulnerability in Digi Passport Firmware Digi Passport Firmware through 1.5.1,1 is affected by a buffer overflow in the function for building the Location header string when an unauthenticated user is redirected to the authentication page. | 5.0 |
| 2022-04-06 | CVE-2022-26953 | Out-of-bounds Write vulnerability in Digi Passport Firmware Digi Passport Firmware through 1.5.1,1 is affected by a buffer overflow. | 5.0 |
| 2021-12-10 | CVE-2021-37187 | Insufficiently Protected Credentials vulnerability in Digi products An issue was discovered on Digi TransPort devices through 2021-07-21. | 4.0 |
| 2021-12-10 | CVE-2021-37188 | Insufficient Verification of Data Authenticity vulnerability in Digi products An issue was discovered on Digi TransPort devices through 2021-07-21. | 6.5 |
| 2021-12-10 | CVE-2021-37189 | Missing Encryption of Sensitive Data vulnerability in Digi products An issue was discovered on Digi TransPort Gateway devices through 5.2.13.4. | 5.0 |
| 2020-06-02 | CVE-2020-10136 | Authentication Bypass by Spoofing vulnerability in multiple products IP-in-IP protocol specifies IP Encapsulation within IP standard (RFC 2003, STD 1) that decapsulate and route IP-in-IP traffic is vulnerable to spoofing, access-control bypass and other unexpected behavior due to the lack of validation to verify network packets before decapsulation and routing. | 5.3 |
| 2020-05-21 | CVE-2017-18868 | Incorrect Default Permissions vulnerability in Digi Xbee 2 Firmware Digi XBee 2 devices do not have an effective protection mechanism against remote AT commands, because of issues related to the network stack upon which the ZigBee protocol is built. | 5.5 |
| 2020-02-13 | CVE-2020-6973 | Cross-site Scripting vulnerability in Digi products Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (82002228_K 08/09/2018), bios Version 1.2. | 6.3 |
| 2020-02-12 | CVE-2020-6975 | Unrestricted Upload of File with Dangerous Type vulnerability in Digi products Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (82002228_K 08/09/2018), bios Version 1.2. | 4.0 |
| 2020-01-09 | CVE-2019-18859 | Cross-site Scripting vulnerability in Digi Anywhereusb/14 Firmware 1.93.21.19 Digi AnywhereUSB 14 allows XSS via a link for the Digi Page. | 6.1 |