Digi: Security Vulnerabilities
Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (82002228_K 08/09/2018), bios Version 1.2. Successful exploitation of this vulnerability could allow an attacker to upload a malicious file to the application.
CVSS Score
4.9
EPSS Score
0.003
Published
2020-02-12
Digi TransPort WR21 5.2.2.3, WR44 5.1.6.4, and WR44v2 5.1.6.9 devices allow stored XSS in the web application.
CVSS Score
4.8
EPSS Score
0.003
Published
2020-02-10
Digi AnywhereUSB 14 allows XSS via a link for the Digi Page.
CVSS Score
6.1
EPSS Score
0.007
Published
2020-01-09
Digi TransPort LR54 4.4.0.26 and possible earlier devices have Improper Input Validation that allows users with 'super' CLI access privileges to bypass a restricted shell and execute arbitrary commands as root.
CVSS Score
9.9
EPSS Score
0.046
Published
2019-03-21
DiGi Web Server allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request that contains a large number of / (slash) characters, which consumes resources when DiGi converts the slashes to \ (backslash) characters.
CVSS Score
5.0
EPSS Score
0.105
Published
2004-04-27
Page 3