20 matches found
EUVD-2020-28115
Malware in sbrugna...
EUVD-2020-28113
Malware in sbrugna...
CVE-2020-6975
Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 82002228K 08/09/2018, bios Version 1.2. Successful exploitation of this vulnerability could allow an attacker to upload a malicious file to the application...
CVE-2020-6973
Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 82002228K 08/09/2018, bios Version 1.2. Multiple cross-site scripting vulnerabilities exist that could allow an attacker to cause a denial-of-service condition...
Digi RealPort Protocol
1. EXECUTIVE SUMMARY CVSS v3 9.0 ATTENTION: Exploitable remotely Vendor: Digi International, Inc. Equipment: Digi RealPort Protocol Vulnerability: Use of Password Hash Instead of Password for Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could allow the...
Digi ConnectPort X2D
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Digi International, Inc. Equipment: ConnectPort X2D Gateway Vulnerability: Execution with Unnecessary Privileges 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker...
Shining a Light on SolarCity: Practical Exploitation of the X2e IoT Device (Part One)
In 2019, Mandiant’s Red Team discovered a series of vulnerabilities present within Digi International’s ConnectPort X2e device, which allow for remote code execution as a privileged user. Specifically, Mandiant’s research focused on SolarCity’s (now owned by Tesla) rebranded ConnectPort X2e device...
Cross site scripting
Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 82002228K 08/09/2018, bios Version 1.2. Multiple cross-site scripting vulnerabilities exist that could allow an attacker to cause a denial-of-service condition...
CVE-2020-6975
Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 82002228K 08/09/2018, bios Version 1.2. Successful exploitation of this vulnerability could allow an attacker to upload a malicious file to the application...
CVE-2020-6975
Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 82002228K 08/09/2018, bios Version 1.2. Successful exploitation of this vulnerability could allow an attacker to upload a malicious file to the application...
Design/Logic Flaw
Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 82002228K 08/09/2018, bios Version 1.2. Successful exploitation of this vulnerability could allow an attacker to upload a malicious file to the application...
CVE-2020-6973
CVE-2020-6973 affects Digi International ConnectPort LTS 32 MEI with firmware 1.4.3 (bios 1.2). The advisory documents multiple cross-site scripting vulnerabilities that could lead to a denial-of-service condition. Affected product: ConnectPort LTS 32 MEI (firmware 1.4.3). Root cause: improper ha...
CVE-2020-6975
Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 82002228K 08/09/2018, bios Version 1.2. Successful exploitation of this vulnerability could allow an attacker to upload a malicious file to the application...
CVE-2020-6975
CVE-2020-6975 affects Digi International ConnectPort LTS 32 MEI (firmware 1.4.3, 82002228_K 08/09/2018; BIOS 1.2). The vulnerability allows unrestricted upload of a file with a dangerous type to the application (CWE-434). Technical details from multiple sources confirm the affected product, versi...
Digi ConnectPort LTS 32 MEI
1. EXECUTIVE SUMMARY CVSS v3 2.4 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Digi International Equipment: ConnectPort LTS 32 MEI Vulnerabilities: Unrestricted Upload of File with Dangerous Type, Cross-site Scripting 2. RISK EVALUATION Successful exploitation of these...
Multiple broadband routers use vulnerable versions of Allegro RomPager
Overview Multiple broadband routers use vulnerable versions of Allegro RomPager in current firmware releases. Description Many home and office/home office (SOHO) routers have been found to be using vulnerable versions of the Allegro RomPager embedded web server. Allegro RomPager versions prior to...
Digi International Gateways Vulnerable to Heartbleed
Wireless Web mesh gateways used everywhere from industrial control environments to home area networks are vulnerable to the Heartbleed OpenSSL vulnerability. The Industrial Control System Computer Emergency Response Team (ICS-CERT) issued an advisory Thursday warning SCADA and ICS managers with Dig...
Digi International OpenSSL Vulnerability
OVERVIEW Digi International has identified five products that are vulnerable to the OpenSSL Heartbleed bug. Digi International has produced downloadable firmware upgrade versions that mitigate this vulnerability. This vulnerability could be exploited remotely. Exploits that target this...
Digi ADDP Information Discovery
Discover host information through the Digi International ADDP service This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Digi ADDP Information Discovery', 'Description' = 'Discover host informatio...
Digi ADDP Remote Reboot Initiator
Reboot Digi International based equipment through the ADDP service This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Digi ADDP Remote Reboot Initiator', 'Description' = 'Reboot Digi International...