Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Digi Subscribe

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-36767 1 Digi 45 6350-sr, 6350-sr Firmware, Cm and 42 more 2022-04-29 7.5 HIGH 9.8 CRITICAL
In Digi RealPort through 4.10.490, authentication relies on a challenge-response mechanism that gives access to the server password, making the protection ineffective. An attacker may send an unauthenticated request to the server. The server will reply with a weakly-hashed version of the server's access password. The attacker may then crack this hash offline in order to successfully login to the server.
CVE-2021-35978 1 Digi 18 Transport Dr64, Transport Dr64 Firmware, Transport Sr44 and 15 more 2021-12-14 10.0 HIGH 9.8 CRITICAL
An issue was discovered in Digi TransPort DR64, SR44 VC74, and WR. The ZING protocol allows arbitrary remote command execution with SUPER privileges. This allows an attacker (with knowledge of the protocol) to execute arbitrary code on the controller including overwriting firmware, adding/removing users, disabling the internal firewall, etc.
CVE-2021-35977 1 Digi 37 6350-sr, 6350-sr Firmware, Cm and 34 more 2021-10-16 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Digi RealPort for Windows through 4.8.488.0. A buffer overflow exists in the handling of ADDP discovery response messages. This could result in arbitrary code execution.
CVE-2021-38412 1 Digi 2 Portserver Ts 16, Portserver Ts 16 Firmware 2021-10-05 7.5 HIGH 9.8 CRITICAL
Properly formatted POST requests to multiple resources on the HTTP and HTTPS web servers of the Digi PortServer TS 16 Rack device do not require authentication or authentication tokens. This vulnerability could allow an attacker to enable the SNMP service and manipulate the community strings to achieve further control in.
CVE-2018-20162 1 Digi 2 Transport Lr54, Transport Lr54 Firmware 2019-05-09 9.0 HIGH 9.9 CRITICAL
Digi TransPort LR54 4.4.0.26 and possible earlier devices have Improper Input Validation that allows users with 'super' CLI access privileges to bypass a restricted shell and execute arbitrary commands as root.