Lucene search
+L

330 matches found

cvelist
cvelist
added 2021/09/17 7:7 p.m.22 views

CVE-2021-38412 Digi PortServer TS 16 Improper Authentication

Properly formatted POST requests to multiple resources on the HTTP and HTTPS web servers of the Digi PortServer TS 16 Rack device do not require authentication or authentication tokens. This vulnerability could allow an attacker to enable the SNMP service and manipulate the community strings to...

9.6CVSS9.7AI score0.01342EPSS
Exploits0References1
cve
cve
added 2021/09/17 7:7 p.m.60 views

CVE-2021-38412

CVE-2021-38412 affects Digi PortServer TS 16 Rack. The issue is improper authentication: properly formatted POST requests to multiple resources on the HTTP/HTTPS web servers do not require authentication tokens, enabling an attacker to enable SNMP and manipulate community strings for control. Aff...

9.8CVSS9.6AI score0.01342EPSS
Exploits0References1Affected Software1
ptsecurity
ptsecurity
added 2021/09/17 12:0 a.m.10 views

PT-2021-22116 · Digi · Digi Portserver Ts 16 Rack

Name of the Vulnerable Software and Affected Versions: Digi PortServer TS 16 Rack device affected versions not specified Description: The issue concerns the Digi PortServer TS 16 Rack device, where properly formatted POST requests to multiple resources on the HTTP and HTTPS web servers do not...

9.8CVSS9.4AI score0.01342EPSS
Exploits0References3
ics
ics
added 2021/09/14 12:0 a.m.64 views

Digi PortServer TS 16

1. EXECUTIVE SUMMARY CVSS v3 9.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Digi International, Inc. Equipment: PortServer TS 16 Vulnerability: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability allows write access, which grants control of...

9.8CVSS10AI score0.01342EPSS
Exploits0References5
osv
osv
added 2021/02/18 12:15 a.m.5 views

CVE-2020-12878

Digi ConnectPort X2e before 3.2.30.6 allows an attacker to escalate privileges from the python user to root via a symlink attack that uses chown, related to /etc/init.d/S50dropbear.sh and the /WEB/python/.ssh directory...

7.8CVSS7.2AI score0.00505EPSS
Exploits1References3
osv
osv
added 2021/02/18 12:15 a.m.5 views

CVE-2020-9306

Tesla SolarCity Solar Monitoring Gateway through 5.46.43 has a "Use of Hard-coded Credentials" issue because Digi ConnectPort X2e uses a .pyc file to store the cleartext password for the python user account...

8.8CVSS7.3AI score0.01165EPSS
Exploits1References4
nvd
nvd
added 2021/02/18 12:15 a.m.34 views

CVE-2020-9306

Tesla SolarCity Solar Monitoring Gateway through 5.46.43 has a "Use of Hard-coded Credentials" issue because Digi ConnectPort X2e uses a .pyc file to store the cleartext password for the python user account...

8.8CVSS0.01165EPSS
Exploits1References4
nvd
nvd
added 2021/02/18 12:15 a.m.38 views

CVE-2020-12878

Digi ConnectPort X2e before 3.2.30.6 allows an attacker to escalate privileges from the python user to root via a symlink attack that uses chown, related to /etc/init.d/S50dropbear.sh and the /WEB/python/.ssh directory...

7.8CVSS0.00505EPSS
Exploits1References3
prion
prion
added 2021/02/18 12:15 a.m.14 views

Directory traversal

Digi ConnectPort X2e before 3.2.30.6 allows an attacker to escalate privileges from the python user to root via a symlink attack that uses chown, related to /etc/init.d/S50dropbear.sh and the /WEB/python/.ssh directory...

7.2CVSS7.6AI score0.00505EPSS
Exploits1References3Affected Software1
prion
prion
added 2021/02/18 12:15 a.m.14 views

Hardcoded credentials

Tesla SolarCity Solar Monitoring Gateway through 5.46.43 has a "Use of Hard-coded Credentials" issue because Digi ConnectPort X2e uses a .pyc file to store the cleartext password for the python user account...

5.8CVSS8.7AI score0.01165EPSS
Exploits1References4Affected Software1
cve
cve
added 2021/02/17 11:11 p.m.85 views

CVE-2020-9306

CVE-2020-9306 affects Digi ConnectPort X2e devices (SolarCity/Tesla branding) with hardcoded credentials stored in a .pyc-compiled file used at boot. FireEye analysis shows password_manager.pyc in /WEB/python/ contains five plaintext credentials for the python system user, enabling web and SSH ac...

8.8CVSS8.7AI score0.01165EPSS
Exploits1References4Affected Software1
cvelist
cvelist
added 2021/02/17 11:11 p.m.29 views

CVE-2020-9306

Tesla SolarCity Solar Monitoring Gateway through 5.46.43 has a "Use of Hard-coded Credentials" issue because Digi ConnectPort X2e uses a .pyc file to store the cleartext password for the python user account...

8.8CVSS8.8AI score0.01165EPSS
Exploits1References4
cve
cve
added 2021/02/17 11:7 p.m.87 views

CVE-2020-12878

CVE-2020-12878 affects Digi ConnectPort X2e devices (pre-3.2.30.6). The issue enables local privilege escalation from the python user to root via a symlink attack involving /WEB/python/.ssh and /etc/init.d/S50dropbear.sh. Exploitation, as described, follows: (1) authenticate as the python user, (...

7.8CVSS8.2AI score0.00505EPSS
Exploits1References3Affected Software1
cvelist
cvelist
added 2021/02/17 11:7 p.m.36 views

CVE-2020-12878

Digi ConnectPort X2e before 3.2.30.6 allows an attacker to escalate privileges from the python user to root via a symlink attack that uses chown, related to /etc/init.d/S50dropbear.sh and the /WEB/python/.ssh directory...

7.7AI score0.00505EPSS
Exploits1References3
fireeye
fireeye
added 2021/02/17 12:0 a.m.228 views

Shining a Light on SolarCity: Practical Exploitation of the X2e IoT Device (Part One)

In 2019, Mandiant’s Red Team discovered a series of vulnerabilities present within Digi International’s ConnectPort X2e device, which allows for remote code execution as a privileged user. Specifically, Mandiant’s research focused on SolarCity’s now owned by Tesla rebranded ConnectPort X2e device...

7.2CVSS8.6AI score0.01165EPSS
Exploits2References21
cnnvd
cnnvd
added 2021/02/17 12:0 a.m.11 views

Digi ConnectPort Backlink Vulnerability

Digi ConnectPort is a server from Digi ConnectPort Digi USA, Inc. It provides wireless communication. A security vulnerability exists in Digi ConnectPort X2e before 3.2.30.6, which allows an attacker to exploit the vulnerability to escalate the privileges of a python user to root via a symbolic...

7.8CVSS7.2AI score0.00505EPSS
Exploits1References3
openbugbounty
openbugbounty
added 2020/08/27 6:32 a.m.12 views

digi-dap.nl Cross Site Scripting vulnerability OBB-1278868

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

6.2AI score
Exploits0
cnvd
cnvd
added 2020/05/22 12:0 a.m.4 views

Digi XBee 2 Command Execution Vulnerability

Digi XBee 2 is an embedded cellular modem from Digi USA. A security vulnerability exists in Digi XBee version 2, which stems from the product's failure to implement an effective protection mechanism against remote AT commands. A remote attacker can exploit the vulnerability to execute arbitrary...

7.7CVSS7.7AI score0.00791EPSS
Exploits0References1
nvd
nvd
added 2020/05/21 8:15 p.m.22 views

CVE-2017-18868

Digi XBee 2 devices do not have an effective protection mechanism against remote AT commands, because of issues related to the network stack upon which the ZigBee protocol is built...

7.7CVSS7.7AI score0.00791EPSS
Exploits0References1
prion
prion
added 2020/05/21 8:15 p.m.22 views

Input validation

Digi XBee 2 devices do not have an effective protection mechanism against remote AT commands, because of issues related to the network stack upon which the ZigBee protocol is built...

5.5CVSS7.6AI score0.00791EPSS
Exploits0References1
Rows per page
Query Builder