Known Vulnerabilities for products from Digi
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Digi".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Additional devices specifications by Digi can be found at device.report : Digi
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-4299 json | Digi RealPort Protocol is vulnerable to a replay attack that may allow an attacker to bypass authentication to access connec... | 8.1 - HIGH | 2023-08-31 | 2023-09-06 |
| CVE-2022-26953 json | Digi Passport Firmware through 1.5.1,1 is affected by a buffer overflow. An attacker can supply a string in the page paramete... | 7.5 - HIGH | 2022-04-06 | 2022-04-12 |
| CVE-2022-26952 json | Digi Passport Firmware through 1.5.1,1 is affected by a buffer overflow in the function for building the Location header stri... | 7.5 - HIGH | 2022-04-06 | 2022-04-12 |
| CVE-2022-2634 json | An attacker may be able to execute malicious actions due to the lack of device access protections and device permissions when... | 9.8 - CRITICAL | 2022-08-10 | 2022-08-16 |
| CVE-2021-38412 json | Properly formatted POST requests to multiple resources on the HTTP and HTTPS web servers of the Digi PortServer TS 16 Rack de... | 9.8 - CRITICAL | 2021-09-17 | 2022-10-27 |
| CVE-2021-37189 json | An issue was discovered on Digi TransPort Gateway devices through 5.2.13.4. They do not set the Secure attribute for sensitiv... | 7.5 - HIGH | 2021-12-10 | 2021-12-14 |
| CVE-2021-37188 json | An issue was discovered on Digi TransPort devices through 2021-07-21. An authenticated attacker may load customized firmware ... | 8.8 - HIGH | 2021-12-10 | 2022-07-12 |
| CVE-2021-37187 json | An issue was discovered on Digi TransPort devices through 2021-07-21. An authenticated attacker may read a password file (wit... | 6.5 - MEDIUM | 2021-12-10 | 2021-12-14 |
| CVE-2021-36767 json | In Digi RealPort through 4.10.490, authentication relies on a challenge-response mechanism that gives access to the server pa... | 9.8 - CRITICAL | 2021-10-08 | 2023-09-25 |
| CVE-2021-35979 json | An issue was discovered in Digi RealPort through 4.8.488.0. The 'encrypted' mode is vulnerable to man-in-the-middle attacks a... | 8.1 - HIGH | 2021-10-08 | 2023-05-26 |
| CVE-2021-35978 json | An issue was discovered in Digi TransPort DR64, SR44 VC74, and WR. The ZING protocol allows arbitrary remote command executio... | 9.8 - CRITICAL | 2021-12-10 | 2021-12-14 |
| CVE-2021-35977 json | An issue was discovered in Digi RealPort for Windows through 4.8.488.0. A buffer overflow exists in the handling of ADDP disc... | 9.8 - CRITICAL | 2021-10-08 | 2023-05-26 |
| CVE-2020-12878 json | Digi ConnectPort X2e before 3.2.30.6 allows an attacker to escalate privileges from the python user to root via a symlink att... | 7.8 - HIGH | 2021-02-18 | 2021-02-26 |
| CVE-2020-10136 json | Multiple products that implement the IP Encapsulation within IP standard (RFC 2003, STD 1) decapsulate and route IP-in-IP tra... | 5.3 - MEDIUM | 2020-06-02 | 2020-07-29 |
| CVE-2020-8822 json | Digi TransPort WR21 5.2.2.3, WR44 5.1.6.4, and WR44v2 5.1.6.9 devices allow stored XSS in the web application. | 4.8 - MEDIUM | 2020-02-10 | 2020-02-11 |
| CVE-2020-6975 json | Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (82002228_K 08/09/2018), bios Version 1.2. Successful explo... | 4.9 - MEDIUM | 2020-02-12 | 2020-02-21 |
| CVE-2020-6973 json | Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (82002228_K 08/09/2018), bios Version 1.2. Multiple cross-s... | 6.2 - MEDIUM | 2020-02-13 | 2020-02-21 |
| CVE-2019-18859 json | Digi AnywhereUSB 14 allows XSS via a link for the Digi Page. | 6.1 - MEDIUM | 2020-01-09 | 2023-01-31 |
| CVE-2018-20162 json | Digi TransPort LR54 4.4.0.26 and possible earlier devices have Improper Input Validation that allows users with 'super' CLI a... | 9.9 - CRITICAL | 2019-03-21 | 2019-05-09 |
| CVE-2017-18868 json | Digi XBee 2 devices do not have an effective protection mechanism against remote AT commands, because of issues related to th... | 7.7 - HIGH | 2020-05-21 | 2020-05-22 |
Known software with vulnerabilities from Digi
| Type | Vendor | Product | Version |
|---|---|---|---|
| Hardware | Digi | Anywhereusb/14 | - |
| Operating System | Digi | Anywhereusb/14 Firmware | 1.93.21.19 |
| Hardware | Digi | Cm | - |
| Operating System | Digi | Saros | 8.1.0.1 |
| Hardware | Digi | Transport Lr54 | - |
| Operating System | Digi | Transport Lr54 Firmware | 4.3.2.24 |
| Application | Digi | Www Server | - |
| Hardware | Digi | Xbee 2 | - |
| Operating System | Digi | Xbee 2 Firmware | - |