HIGH🇬🇧 English

CVE-2022-26952

CVSS 7.5v3.1pub. 2022-04-06upd. 2024-11-21

Digi Passport Firmware through 1.5.1,1 is affected by a buffer overflow in the function for building the Location header string when an unauthenticated user is redirected to the authentication page.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Digi Passport

    HW
    Digi
    wszystkie wersje
  • Digi Passport Firmware

    OS
    Digi
    ≤ 1.5.1.1
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Memory
CWE
Referencje

Powiązane podatności

CVE-2023-4299CRITICAL9.0ten sam produkt

Digi RealPort Protocol is vulnerable to a replay attack that may allow an attacker to bypass authentication t...

CVE-2022-26953HIGH7.5ten sam produkt

Digi Passport Firmware through 1.5.1,1 is affected by a buffer overflow. An attacker can supply a string in th...

CVE-2022-2634CRITICAL10.0ten sam vendor

An attacker may be able to execute malicious actions due to the lack of device access protections and device p...

CVE-2021-35978CRITICAL9.8ten sam vendor

An issue was discovered in Digi TransPort DR64, SR44 VC74, and WR. The ZING protocol allows arbitrary remote c...

CVE-2021-35977CRITICAL9.8ten sam vendor

An issue was discovered in Digi RealPort for Windows through 4.8.488.0. A buffer overflow exists in the handli...