330 matches found
CVE-2024-50627
An issue was discovered in Digi ConnectPort LTS before 1.4.12. A Privilege Escalation vulnerability exists in the file upload feature. It allows an attacker on the local area network with specific permissions to upload and execute malicious files, potentially leading to unauthorized system access...
CVE-2024-50628
An issue was discovered in the web services of Digi ConnectPort LTS before 1.4.12. It allows an attacker on the local area network to achieve unauthorized manipulation of resources, which may lead to remote code execution when combined with other issues...
CVE-2024-50625
An issue was discovered in Digi ConnectPort LTS before 1.4.12. A vulnerability in the file upload handling of a web application allows manipulation of file paths via POST requests. This can lead to arbitrary file uploads within specific directories, potentially enabling privilege escalation when...
digi-sapiens.de Improper Access Control vulnerability OBB-3816373
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
digi-media-net.de Improper Access Control vulnerability OBB-3816372
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
digi-sport.de Improper Access Control vulnerability OBB-3778273
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
digi-media-net.de Improper Access Control vulnerability OBB-3765442
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
digi-archives.org Cross Site Scripting vulnerability OBB-3733586
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
The vulnerability of the remote access software for devices on the Digi RealPort network lies in the use of a password hash instead of a plain-text password for authentication. This allows attackers to compromise the target system.
The vulnerability of the remote access software for devices on the Digi RealPort network relates to the use of a password hash instead of a plain-text password for authentication. Exploiting this vulnerability allows an attacker to compromise the target system remotely...
digi-soft.ro Cross Site Scripting vulnerability OBB-3689228
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2023-4299
Digi RealPort Protocol is vulnerable to a replay attack that may allow an attacker to bypass authentication to access connected equipment...
CVE-2023-4299
Digi RealPort Protocol is vulnerable to a replay attack that may allow an attacker to bypass authentication to access connected equipment...
Authentication flaw
Digi RealPort Protocol is vulnerable to a replay attack that may allow an attacker to bypass authentication to access connected equipment...
CVE-2023-4299 Digi RealPort Protocol Use of Password Hash Instead of Password for Authentication
Digi RealPort Protocol is vulnerable to a replay attack that may allow an attacker to bypass authentication to access connected equipment...
CVE-2023-4299
CVE-2023-4299 describes a replay attack in Digi RealPort Protocol that can bypass authentication to access connected equipment. The vulnerability affects a wide range of Digi devices and software using RealPort, due to using a password hash instead of the actual password for authentication. The I...
CVE-2023-4299 Digi RealPort Protocol Use of Password Hash Instead of Password for Authentication
Digi RealPort Protocol is vulnerable to a replay attack that may allow an attacker to bypass authentication to access connected equipment...
Digi RealPort Protocol
1. EXECUTIVE SUMMARY CVSS v3 9.0 ATTENTION: Exploitable remotely Vendor: Digi International, Inc. Equipment: Digi RealPort Protocol Vulnerability: Use of Password Hash Instead of Password for Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could allow the...
Digi RealPort 安全漏洞
Digi RealPort is a proprietary Serial-over-LAN encapsulation protocol. It provides virtual connectivity to serial devices anywhere on the network by encapsulating ICS protocol data in a TCP-based protocol. A security vulnerability exists in the Digi RealPort Protocol that stems from vulnerability...
PT-2023-5295 · Digi · Digi Realport
Name of the Vulnerable Software and Affected Versions: Digi RealPort affected versions not specified Description: The issue is related to the use of a password hash instead of the password itself for authentication, which can be exploited by an attacker to compromise the target system. It is also...
CVE-2023-33668
DigiExam up to v14.0.2 lacks integrity checks for native modules, allowing attackers to access PII and takeover accounts on shared computers...