VYPR
← All advisories
Unrated severityNVD Advisory· Published Apr 6, 2022· Updated Aug 3, 2024

CVE-2022-26953

CVE-2022-26953

Description

A buffer overflow in Digi Passport firmware's reboot.asp endpoint allows an attacker to trigger an overflow via a crafted page parameter.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A buffer overflow in Digi Passport firmware's reboot.asp endpoint allows an attacker to trigger an overflow via a crafted page parameter.

Vulnerability

A buffer overflow vulnerability exists in Digi Passport firmware through version 1.5.1,1. The flaw resides in the reboot.asp endpoint, where the page parameter is concatenated into the HTML body without proper bounds checking. An attacker can supply an overly long string in this parameter to force a buffer overflow.

Exploitation

An attacker with network access to the device can send a crafted HTTP request to the reboot.asp endpoint with an excessively long page parameter. No authentication or user interaction is required. The overflow occurs when the server concatenates the attacker-supplied string into the response body.

Impact

Successful exploitation results in a buffer overflow, leading to memory corruption. This could allow an attacker to cause a denial of service or potentially execute arbitrary code with the privileges of the web server process.

Mitigation

No fix is available as the Digi Passport product line is end-of-life and obsolete, with no further support [1]. Users are advised to migrate to a supported product as recommended by Digi.

References
  1. Digi Passport Support Resources

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

3

News mentions

0

No linked articles in our index yet.