Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Passport_firmware
(Digi)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 3 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-08-31 | CVE-2023-4299 | Digi RealPort Protocol is vulnerable to a replay attack that may allow an attacker to bypass authentication to access connected equipment. | Cm_firmware, Connect_es_firmware, Connect_sp_firmware, Connectport_lts_8\/16\/32_firmware, Connectport_ts_8\/16_firmware, One_ia_firmware, One_iap_firmware, One_sp_firmware, One_sp_ia_firmware, Passport_firmware, Portserver_ts_firmware, Portserver_ts_m_mei_firmware, Portserver_ts_mei_firmware, Portserver_ts_mei_hardened_firmware, Portserver_ts_p_mei_firmware, Realport, Transport_wr11_xt_firmware, Wr21_firmware, Wr31_firmware, Wr44_r_firmware | 8.1 | ||
| 2022-04-06 | CVE-2022-26952 | Digi Passport Firmware through 1.5.1,1 is affected by a buffer overflow in the function for building the Location header string when an unauthenticated user is redirected to the authentication page. | Passport_firmware | 7.5 | ||
| 2022-04-06 | CVE-2022-26953 | Digi Passport Firmware through 1.5.1,1 is affected by a buffer overflow. An attacker can supply a string in the page parameter for reboot.asp endpoint, allowing him to force an overflow when the string is concatenated to the HTML body. | Passport_firmware | 7.5 |