VYPR
Vendor

Digi International Inc

Products
29
CVEs
29
Across products
38
Status
Private

Products

29

Recent CVEs

29
View all 29 CVEs →
  • CVE-2022-2634CriAug 10, 2022
    risk 0.65cvss 10.0epss 0.01

    An attacker may be able to execute malicious actions due to the lack of device access protections and device permissions when using the web application. This could lead to uploading python files which can be later executed.

  • CVE-2018-20162CriMar 21, 2019
    risk 0.65cvss 9.9epss 0.04

    Digi TransPort LR54 4.4.0.26 and possible earlier devices have Improper Input Validation that allows users with 'super' CLI access privileges to bypass a restricted shell and execute arbitrary commands as root.

  • CVE-2021-35978CriDec 10, 2021
    risk 0.64cvss 9.8epss 0.04

    An issue was discovered in Digi TransPort DR64, SR44 VC74, and WR. The ZING protocol allows arbitrary remote command execution with SUPER privileges. This allows an attacker (with knowledge of the protocol) to execute arbitrary code on the controller including overwriting…

  • CVE-2021-36767CriOct 8, 2021
    risk 0.64cvss 9.8epss 0.01

    In Digi RealPort through 4.10.490, authentication relies on a challenge-response mechanism that gives access to the server password, making the protection ineffective. An attacker may send an unauthenticated request to the server. The server will reply with a weakly-hashed…

  • CVE-2021-35977CriOct 8, 2021
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in Digi RealPort for Windows through 4.8.488.0. A buffer overflow exists in the handling of ADDP discovery response messages. This could result in arbitrary code execution.

  • CVE-2021-38412CriSep 17, 2021
    risk 0.63cvss 9.6epss 0.01

    Properly formatted POST requests to multiple resources on the HTTP and HTTPS web servers of the Digi PortServer TS 16 Rack device do not require authentication or authentication tokens. This vulnerability could allow an attacker to enable the SNMP service and manipulate the…

  • CVE-2025-3659CriMay 12, 2025
    risk 0.61cvss epss 0.00

    Improper authentication handling was identified in a set of HTTP POST requests affecting the following product families: * Digi PortServer TS - prior to and including 82000747_AA, build date 06/17/2022 * Digi One SP/Digi One SP IA/Digi One IA - prior to and including…

  • CVE-2023-4299CriAug 31, 2023
    risk 0.59cvss 9.0epss 0.01

    Digi RealPort Protocol is vulnerable to a replay attack that may allow an attacker to bypass authentication to access connected equipment.

  • CVE-2025-13319HigNov 17, 2025
    risk 0.57cvss 8.8epss 0.00

    An injection vulnerability has been discovered in the API feature in Digi On-Prem Manager, enabling an attacker with valid API tokens to inject SQL via crafted input. The API is not enabled by default, and a valid API token is required to perform the attack.

  • CVE-2024-50628HigDec 9, 2024
    risk 0.57cvss 8.8epss 0.00

    An issue was discovered in the web services of Digi ConnectPort LTS before 1.4.12. It allows an attacker on the local area network to achieve unauthorized manipulation of resources, which may lead to remote code execution when combined with other issues.

  • CVE-2024-50627HigDec 9, 2024
    risk 0.57cvss 8.8epss 0.00

    An issue was discovered in Digi ConnectPort LTS before 1.4.12. A Privilege Escalation vulnerability exists in the file upload feature. It allows an attacker on the local area network (with specific permissions) to upload and execute malicious files, potentially leading to…

  • CVE-2024-50626HigDec 9, 2024
    risk 0.57cvss 8.8epss 0.01

    An issue was discovered in Digi ConnectPort LTS before 1.4.12. A Directory Traversal vulnerability exists in WebFS. This allows an attacker on the local area network to manipulate URLs to include traversal sequences, potentially leading to unauthorized access to data.

  • CVE-2021-37188HigDec 10, 2021
    risk 0.57cvss 8.8epss 0.00

    An issue was discovered on Digi TransPort devices through 2021-07-21. An authenticated attacker may load customized firmware (because the bootloader does not verify that it is authentic), changing the behavior of the gateway.

  • CVE-2020-9306HigFeb 18, 2021
    risk 0.57cvss 8.8epss 0.01

    Tesla SolarCity Solar Monitoring Gateway through 5.46.43 has a "Use of Hard-coded Credentials" issue because Digi ConnectPort X2e uses a .pyc file to store the cleartext password for the python user account.

  • CVE-2021-35979HigOct 8, 2021
    risk 0.53cvss 8.1epss 0.01

    An issue was discovered in Digi RealPort through 4.8.488.0. The 'encrypted' mode is vulnerable to man-in-the-middle attacks and does not perform authentication.

  • CVE-2024-50625HigDec 9, 2024
    risk 0.52cvss 8.0epss 0.00

    An issue was discovered in Digi ConnectPort LTS before 1.4.12. A vulnerability in the file upload handling of a web application allows manipulation of file paths via POST requests. This can lead to arbitrary file uploads within specific directories, potentially enabling…

  • CVE-2020-12878HigFeb 18, 2021
    risk 0.51cvss 7.8epss 0.01

    Digi ConnectPort X2e before 3.2.30.6 allows an attacker to escalate privileges from the python user to root via a symlink attack that uses chown, related to /etc/init.d/S50dropbear.sh and the /WEB/python/.ssh directory.

  • CVE-2017-18868HigMay 21, 2020
    risk 0.50cvss 7.7epss 0.01

    Digi XBee 2 devices do not have an effective protection mechanism against remote AT commands, because of issues related to the network stack upon which the ZigBee protocol is built.

  • CVE-2022-26953HigApr 6, 2022
    risk 0.49cvss 7.5epss 0.02

    Digi Passport Firmware through 1.5.1,1 is affected by a buffer overflow. An attacker can supply a string in the page parameter for reboot.asp endpoint, allowing him to force an overflow when the string is concatenated to the HTML body.

  • CVE-2022-26952HigApr 6, 2022
    risk 0.49cvss 7.5epss 0.02

    Digi Passport Firmware through 1.5.1,1 is affected by a buffer overflow in the function for building the Location header string when an unauthenticated user is redirected to the authentication page.