Known Vulnerabilities for products from Digi

Listed below are 17 of the newest known vulnerabilities associated with the vendor "Digi".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed, based on information from known CPEs. Each product links to its respective vulnerability page.

Additional device specifications for Digi can be found at device.report: Digi

Known Vulnerabilities

| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-38412 | Properly formatted POST requests to multiple resources on the HTTP and HTTPS web servers of the Digi PortServer TS 16 Rack de... | 9.8 - CRITICAL | 2021-09-17 | 2022-10-27 |
| CVE-2021-37189 | An issue was discovered on Digi TransPort Gateway devices through 5.2.13.4. They do not set the Secure attribute for sensitiv... | 7.5 - HIGH | 2021-12-10 | 2021-12-14 |
| CVE-2021-37188 | An issue was discovered on Digi TransPort devices through 2021-07-21. An authenticated attacker may load customized firmware ... | 8.8 - HIGH | 2021-12-10 | 2022-07-12 |
| CVE-2021-37187 | An issue was discovered on Digi TransPort devices through 2021-07-21. An authenticated attacker may read a password file (wit... | 6.5 - MEDIUM | 2021-12-10 | 2021-12-14 |
| CVE-2021-36767 | In Digi RealPort through 4.10.490, authentication relies on a challenge-response mechanism that gives access to the server pa... | 9.8 - CRITICAL | 2021-10-08 | 2023-09-25 |
| CVE-2021-35979 | An issue was discovered in Digi RealPort through 4.8.488.0. The 'encrypted' mode is vulnerable to man-in-the-middle attacks a... | 8.1 - HIGH | 2021-10-08 | 2023-05-26 |
| CVE-2021-35978 | An issue was discovered in Digi TransPort DR64, SR44 VC74, and WR. The ZING protocol allows arbitrary remote command executio... | 9.8 - CRITICAL | 2021-12-10 | 2021-12-14 |
| CVE-2021-35977 | An issue was discovered in Digi RealPort for Windows through 4.8.488.0. A buffer overflow exists in the handling of ADDP disc... | 9.8 - CRITICAL | 2021-10-08 | 2023-05-26 |
| CVE-2020-12878 | Digi ConnectPort X2e before 3.2.30.6 allows an attacker to escalate privileges from the python user to root via a symlink att... | 7.8 - HIGH | 2021-02-18 | 2021-02-26 |
| CVE-2020-10136 | Multiple products that implement the IP Encapsulation within IP standard (RFC 2003, STD 1) decapsulate and route IP-in-IP tra... | 5.3 - MEDIUM | 2020-06-02 | 2020-07-29 |
| CVE-2020-8822 | Digi TransPort WR21 5.2.2.3, WR44 5.1.6.4, and WR44v2 5.1.6.9 devices allow stored XSS in the web application. | 4.8 - MEDIUM | 2020-02-10 | 2020-02-11 |
| CVE-2020-6975 | Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (82002228_K 08/09/2018), bios Version 1.2. Successful explo... | 4.9 - MEDIUM | 2020-02-12 | 2020-02-21 |
| CVE-2020-6973 | Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (82002228_K 08/09/2018), bios Version 1.2. Multiple cross-s... | 6.2 - MEDIUM | 2020-02-13 | 2020-02-21 |
| CVE-2019-18859 | Digi AnywhereUSB 14 allows XSS via a link for the Digi Page. | 6.1 - MEDIUM | 2020-01-09 | 2023-01-31 |
| CVE-2018-20162 | Digi TransPort LR54 4.4.0.26 and possible earlier devices have Improper Input Validation that allows users with 'super' CLI a... | 9.9 - CRITICAL | 2019-03-21 | 2019-05-09 |
| CVE-2017-18868 | Digi XBee 2 devices do not have an effective protection mechanism against remote AT commands, because of issues related to th... | 7.7 - HIGH | 2020-05-21 | 2020-05-22 |
| CVE-2004-1973 | DiGi Web Server allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request that contains ... | 5 - MEDIUM | 2004-04-27 | 2017-07-11 |

Known software with vulnerabilities from Digi

| Type | Vendor | Product | Version |
|---|---|---|---|
| Hardware | Digi | Anywhereusb/14 | - |
| Operating System | Digi | Anywhereusb/14 Firmware | 1.93.21.19 |
| Hardware | Digi | Cm | - |
| Operating System | Digi | Saros | 8.1.0.1 |
| Hardware | Digi | Transport Lr54 | - |
| Operating System | Digi | Transport Lr54 Firmware | 4.3.2.24 |
| Application | Digi | Www Server | - |
| Hardware | Digi | Xbee 2 | - |
| Operating System | Digi | Xbee 2 Firmware | - |