HIGH🇵🇱 Wersja polska

CVE-2022-26953

CVSS 7.5v3.1pub. 2022-04-06upd. 2024-11-21

Digi Passport Firmware through 1.5.1,1 is affected by a buffer overflow. An attacker can supply a string in the page parameter for reboot.asp endpoint, allowing him to force an overflow when the string is concatenated to the HTML body.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Digi Passport

    HW
    Digi
    wszystkie wersje
  • Digi Passport Firmware

    OS
    Digi
    ≤ 1.5.1.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Memory
CWE
References

Related vulnerabilities

CVE-2023-4299CRITICAL9.0ten sam produkt

Digi RealPort Protocol is vulnerable to a replay attack that may allow an attacker to bypass authentication t...

CVE-2022-26952HIGH7.5ten sam produkt

Digi Passport Firmware through 1.5.1,1 is affected by a buffer overflow in the function for building the Locat...

CVE-2022-2634CRITICAL10.0ten sam vendor

An attacker may be able to execute malicious actions due to the lack of device access protections and device p...

CVE-2021-35978CRITICAL9.8ten sam vendor

An issue was discovered in Digi TransPort DR64, SR44 VC74, and WR. The ZING protocol allows arbitrary remote c...

CVE-2021-35977CRITICAL9.8ten sam vendor

An issue was discovered in Digi RealPort for Windows through 4.8.488.0. A buffer overflow exists in the handli...