CVE-2022-26952
Description
Buffer overflow in Digi Passport firmware's Location header construction allows unauthenticated remote attackers to cause denial of service or possibly execute arbitrary code.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The vulnerability is a buffer overflow in the function responsible for building the HTTP Location header string when an unauthenticated user is redirected to the authentication page. This affects Digi Passport firmware through version 1.5.1.1 [1].
Exploitation
An unauthenticated attacker can trigger the overflow by sending a specially crafted HTTP request that causes the Location header to be constructed with an excessively long string. No authentication or user interaction is required [1].
Impact
Successful exploitation could lead to denial of service or potentially remote code execution. The product is end of life, so full impact details are not available [1].
Mitigation
The Digi Passport product line is end of life and obsolete, with no patches or updates planned. Users are advised to migrate to supported products as recommended by Digi [1].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Digi/Passport Firmware
- Range: <=1.5.1.1
Patches
No patches discovered yet.
References
- github.com/X-C3LL/PoC-CVEs/blob/master/CVE-2022-26952%20%26%20CVE-2022-26953/readme.md (mitre, x_refsource_MISC)
- hub.digi.com/dp/path=/support/asset/digi-passport-1.5.2-firmware-release-notes/ (mitre, x_refsource_MISC)
- hub.digi.com/support/products/infrastructure-management/digi-passport/ (mitre, x_refsource_MISC)