digi 漏洞与 CVE 列表(25)

产品(CPE): — CVE 数: 25

digi 漏洞概览

汇总 digi 相关全部产品的 CVE 与安全漏洞情报,包括 CVSS、EPSS、公开时间与漏洞情报数据。

已披露问题常与 路径处理缺陷、内存损坏与缓冲区溢出 相关,可能在 软件部署与生产负载 场景中带来 应用崩溃与文件覆盖 等暴露风险。

相关漏洞数据主要来源于公开漏洞披露与安全公告,可用于评估历史漏洞暴露面与修复优先级。

漏洞分布趋势(近 24 个月)

显示 12025 CVE 数
«« 第一页 « 上一页 第 1 / 2 页 下一页 »
CVE 摘要 来源 最高 CVSS EPSS % 公开时间 更新时间
CVE-2024-50628 An issue was discovered in the web services of Digi ConnectPort LTS before 1.4.12. It allows an attacker on the local area network to achieve unauthorized manipulation of resources, which may lead to remote code execution when combined with other issues. [email protected] 8.8 0.46% 2024-12-09 2026-06-17
CVE-2024-50627 An issue was discovered in Digi ConnectPort LTS before 1.4.12. A Privilege Escalation vulnerability exists in the file upload feature. It allows an attacker on the local area network (with specific permissions) to upload and execute malicious files, potentially leading to unauthorized system access. [email protected] 8.8 0.32% 2024-12-09 2026-06-17
CVE-2024-50626 An issue was discovered in Digi ConnectPort LTS before 1.4.12. A Directory Traversal vulnerability exists in WebFS. This allows an attacker on the local area network to manipulate URLs to include traversal sequences, potentially leading to unauthorized access to data. [email protected] 8.8 0.51% 2024-12-09 2026-06-17
CVE-2024-50625 An issue was discovered in Digi ConnectPort LTS before 1.4.12. A vulnerability in the file upload handling of a web application allows manipulation of file paths via POST requests. This can lead to arbitrary file uploads within specific directories, potentially enabling privilege escalation when combined with other vulnerabilities. [email protected] 8.0 0.31% 2024-12-09 2026-06-17
CVE-2023-4299 Digi RealPort Protocol is vulnerable to a replay attack that may allow an attacker to bypass authentication to access connected equipment. [email protected] 9.0 0.55% 2023-08-31 2026-06-17
CVE-2022-2634 An attacker may be able to execute malicious actions due to the lack of device access protections and device permissions when using the web application. This could lead to uploading python files which can be later executed. [email protected] 10.0 0.82% 2022-08-10 2026-06-17
CVE-2022-26953 Digi Passport Firmware through 1.5.1,1 is affected by a buffer overflow. An attacker can supply a string in the page parameter for reboot.asp endpoint, allowing him to force an overflow when the string is concatenated to the HTML body. [email protected] 7.5 1.76% 2022-04-05 2026-06-17
CVE-2022-26952 Digi Passport Firmware through 1.5.1,1 is affected by a buffer overflow in the function for building the Location header string when an unauthenticated user is redirected to the authentication page. [email protected] 7.5 1.98% 2022-04-05 2026-06-17
CVE-2021-37189 An issue was discovered on Digi TransPort Gateway devices through 5.2.13.4. They do not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those cookies in cleartext over an HTTP session. [email protected] 7.5 0.59% 2021-12-10 2026-06-17
CVE-2021-37188 An issue was discovered on Digi TransPort devices through 2021-07-21. An authenticated attacker may load customized firmware (because the bootloader does not verify that it is authentic), changing the behavior of the gateway. [email protected] 8.8 0.46% 2021-12-10 2026-06-17
CVE-2021-37187 An issue was discovered on Digi TransPort devices through 2021-07-21. An authenticated attacker may read a password file (with reversible passwords) from the device, which allows decoding of other users' passwords. [email protected] 6.5 0.68% 2021-12-10 2026-06-17
CVE-2021-35978 An issue was discovered in Digi TransPort DR64, SR44 VC74, and WR. The ZING protocol allows arbitrary remote command execution with SUPER privileges. This allows an attacker (with knowledge of the protocol) to execute arbitrary code on the controller including overwriting firmware, adding/removing users, disabling the internal firewall, etc. [email protected] 9.8 3.56% 2021-12-10 2026-06-16
CVE-2021-36767 In Digi RealPort through 4.10.490, authentication relies on a challenge-response mechanism that gives access to the server password, making the protection ineffective. An attacker may send an unauthenticated request to the server. The server will reply with a weakly-hashed version of the server's access password. The attacker may then crack this hash offline in order to successfully login to the server. [email protected] 9.8 0.66% 2021-10-08 2026-06-16
CVE-2021-35979 An issue was discovered in Digi RealPort through 4.8.488.0. The 'encrypted' mode is vulnerable to man-in-the-middle attacks and does not perform authentication. [email protected] 8.1 0.86% 2021-10-08 2026-06-16
CVE-2021-35977 An issue was discovered in Digi RealPort for Windows through 4.8.488.0. A buffer overflow exists in the handling of ADDP discovery response messages. This could result in arbitrary code execution. [email protected] 9.8 1.53% 2021-10-08 2026-06-16
CVE-2021-38412 Properly formatted POST requests to multiple resources on the HTTP and HTTPS web servers of the Digi PortServer TS 16 Rack device do not require authentication or authentication tokens. This vulnerability could allow an attacker to enable the SNMP service and manipulate the community strings to achieve further control in. [email protected] 9.6 1.26% 2021-09-17 2026-06-17
CVE-2020-12878 Digi ConnectPort X2e before 3.2.30.6 allows an attacker to escalate privileges from the python user to root via a symlink attack that uses chown, related to /etc/init.d/S50dropbear.sh and the /WEB/python/.ssh directory. [email protected] 7.8 0.51% 2021-02-17 2026-06-16
CVE-2020-10136 IP-in-IP protocol specifies IP Encapsulation within IP standard (RFC 2003, STD 1) that decapsulate and route IP-in-IP traffic is vulnerable to spoofing, access-control bypass and other unexpected behavior due to the lack of validation to verify network packets before decapsulation and routing. [email protected] 5.3 26.46% 2020-06-02 2026-06-16
CVE-2017-18868 Digi XBee 2 devices do not have an effective protection mechanism against remote AT commands, because of issues related to the network stack upon which the ZigBee protocol is built. [email protected] 7.7 0.79% 2020-05-21 2026-06-16
CVE-2020-6973 Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (82002228_K 08/09/2018), bios Version 1.2. Multiple cross-site scripting vulnerabilities exist that could allow an attacker to cause a denial-of-service condition. [email protected] 6.2 0.83% 2020-02-12 2026-06-16
«« 第一页 « 上一页 第 1 / 2 页 下一页 »
cvelogic Threat Intelligence