Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
3 vulnerabilities by Digi
CVE-2022-2634 (GCVE-0-2022-2634)
Vulnerability from cvelistv5 – Published: 2022-08-09 20:18 – Updated: 2025-04-16 16:13
VLAI
Title
Digi ConnectPort X2D
Summary
An attacker may be able to execute malicious actions due to the lack of device access protections and device permissions when using the web application. This could lead to uploading python files which can be later executed.
Severity
10 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-250 - Execution with Unnecessary Privileges
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-2… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Digi | ConnectPort X2D |
Affected:
All manufactured prior to 01/2020
|
Date Public
2022-08-04 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:46:03.490Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-216-01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2634",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:53:46.897152Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:13:37.837Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ConnectPort X2D",
"vendor": "Digi",
"versions": [
{
"status": "affected",
"version": "All manufactured prior to 01/2020"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Aar\u00f3n Flecha of S21sec reported this vulnerability to CISA."
}
],
"datePublic": "2022-08-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An attacker may be able to execute malicious actions due to the lack of device access protections and device permissions when using the web application. This could lead to uploading python files which can be later executed."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250 Execution with Unnecessary Privileges",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-09T20:18:31.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-216-01"
}
],
"source": {
"advisory": "ICSA-22-216-01",
"discovery": "EXTERNAL"
},
"title": "Digi ConnectPort X2D",
"workarounds": [
{
"lang": "en",
"value": "Digi International indicated this vulnerability does not exist in ConnectPort gateways manufactured after January 2020. It is recommended to contact Digi International support for assistance with impacted devices manufactured prior to January 2020."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-08-04T17:00:00.000Z",
"ID": "CVE-2022-2634",
"STATE": "PUBLIC",
"TITLE": "Digi ConnectPort X2D"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ConnectPort X2D",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "All",
"version_value": "manufactured prior to 01/2020"
}
]
}
}
]
},
"vendor_name": "Digi"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Aar\u00f3n Flecha of S21sec reported this vulnerability to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An attacker may be able to execute malicious actions due to the lack of device access protections and device permissions when using the web application. This could lead to uploading python files which can be later executed."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-250 Execution with Unnecessary Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-216-01",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-216-01"
}
]
},
"source": {
"advisory": "ICSA-22-216-01",
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Digi International indicated this vulnerability does not exist in ConnectPort gateways manufactured after January 2020. It is recommended to contact Digi International support for assistance with impacted devices manufactured prior to January 2020."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-2634",
"datePublished": "2022-08-09T20:18:31.257Z",
"dateReserved": "2022-08-02T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:13:37.837Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10136 (GCVE-0-2020-10136)
Vulnerability from cvelistv5 – Published: 2020-06-02 08:35 – Updated: 2025-11-03 20:33
VLAI
Title
IP-in-IP protocol allows a remote, unauthenticated attacker to route arbitrary network traffic
Summary
IP-in-IP protocol specifies IP Encapsulation within IP standard (RFC 2003, STD 1) that decapsulate and route IP-in-IP traffic is vulnerable to spoofing, access-control bypass and other unexpected behavior due to the lack of validation to verify network packets before decapsulation and routing.
Severity
No CVSS data available.
CWE
- CWE-290 - Authentication Bypass by Spoofing
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IETF | RFC2003 - IP Encapsulation within IP |
Affected:
STD 1
|
Date Public
2020-06-01 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:33:32.981Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#636397",
"tags": [
"x_transferred"
],
"url": "https://kb.cert.org/vuls/id/636397/"
},
{
"tags": [
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ipip-dos-kCT9X4"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.digi.com/resources/security"
},
{
"name": "VU#636397",
"tags": [
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/636397"
},
{
"name": "Security Concerns with IP Tunneling",
"tags": [
"x_transferred"
],
"url": "https://datatracker.ietf.org/doc/html/rfc6169"
},
{
"url": "https://www.kb.cert.org/vuls/id/199397"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "RFC2003 - IP Encapsulation within IP",
"vendor": "IETF",
"versions": [
{
"status": "affected",
"version": "STD 1"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Thanks to Yannay Livneh for reporting this issue."
}
],
"datePublic": "2020-06-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IP-in-IP protocol specifies IP Encapsulation within IP standard (RFC 2003, STD 1) that decapsulate and route IP-in-IP traffic is vulnerable to spoofing, access-control bypass and other unexpected behavior due to the lack of validation to verify network packets before decapsulation and routing."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290 Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T21:10:04.191Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#636397",
"url": "https://kb.cert.org/vuls/id/636397/"
},
{
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ipip-dos-kCT9X4"
},
{
"url": "https://www.digi.com/resources/security"
},
{
"name": "VU#636397",
"url": "https://www.kb.cert.org/vuls/id/636397"
},
{
"name": "Security Concerns with IP Tunneling",
"url": "https://datatracker.ietf.org/doc/html/rfc6169"
}
],
"solutions": [
{
"lang": "en",
"value": "Customers should apply the latest patch provided by the affected vendor that addresses this issue and prevents unspecified IP-in-IP packets from being processed. Devices manufacturers are urged to disable IP-in-IP in their default configuration and require their customers to explicitly configure IP-in-IP as and when needed."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "IP-in-IP protocol allows a remote, unauthenticated attacker to route arbitrary network traffic",
"workarounds": [
{
"lang": "en",
"value": "Users can block IP-in-IP packets by filtering IP protocol number 4. Note this filtering is for the IPv4 Protocol (or IPv6 Next Header) field value of 4 and not IP protocol version 4 (IPv4)."
}
],
"x_generator": {
"engine": "cveClient/1.0.15"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2020-10136",
"datePublished": "2020-06-02T08:35:12.921Z",
"dateReserved": "2020-03-05T00:00:00.000Z",
"dateUpdated": "2025-11-03T20:33:32.981Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2004-1973 (GCVE-0-2004-1973)
Vulnerability from cvelistv5 – Published: 2005-05-10 04:00 – Updated: 2024-08-08 01:07
VLAI
Summary
DiGi Web Server allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request that contains a large number of / (slash) characters, which consumes resources when DiGi converts the slashes to \ (backslash) characters.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/10228 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/11490 | third-party-advisoryx_refsource_SECUNIA |
| http://www.osvdb.org/5702 | vdb-entryx_refsource_OSVDB |
| http://marc.info/?l=bugtraq&m=108311170018203&w=2 | mailing-listx_refsource_BUGTRAQ |
| http://sourceforge.net/project/shownotes.php?rele… | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://securitytracker.com/alerts/2004/Apr/1009957.html | vdb-entryx_refsource_SECTRACK |
| http://www.autistici.org/fdonato/advisory/DiGiWww… | x_refsource_MISC |
Date Public
2004-04-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:07:49.137Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "10228",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10228"
},
{
"name": "11490",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11490"
},
{
"name": "5702",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/5702"
},
{
"name": "20040427 resources consumption in DiGi WWW Server",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108311170018203\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=234261"
},
{
"name": "digi-www-slash-dos(15987)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15987"
},
{
"name": "1009957",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/alerts/2004/Apr/1009957.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.autistici.org/fdonato/advisory/DiGiWwwServerC1-adv.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-04-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "DiGi Web Server allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request that contains a large number of / (slash) characters, which consumes resources when DiGi converts the slashes to \\ (backslash) characters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "10228",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10228"
},
{
"name": "11490",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11490"
},
{
"name": "5702",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/5702"
},
{
"name": "20040427 resources consumption in DiGi WWW Server",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108311170018203\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=234261"
},
{
"name": "digi-www-slash-dos(15987)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15987"
},
{
"name": "1009957",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/alerts/2004/Apr/1009957.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.autistici.org/fdonato/advisory/DiGiWwwServerC1-adv.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1973",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "DiGi Web Server allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request that contains a large number of / (slash) characters, which consumes resources when DiGi converts the slashes to \\ (backslash) characters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "10228",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10228"
},
{
"name": "11490",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11490"
},
{
"name": "5702",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5702"
},
{
"name": "20040427 resources consumption in DiGi WWW Server",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=108311170018203\u0026w=2"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=234261",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=234261"
},
{
"name": "digi-www-slash-dos(15987)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15987"
},
{
"name": "1009957",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/alerts/2004/Apr/1009957.html"
},
{
"name": "http://www.autistici.org/fdonato/advisory/DiGiWwwServerC1-adv.txt",
"refsource": "MISC",
"url": "http://www.autistici.org/fdonato/advisory/DiGiWwwServerC1-adv.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1973",
"datePublished": "2005-05-10T04:00:00.000Z",
"dateReserved": "2005-05-04T00:00:00.000Z",
"dateUpdated": "2024-08-08T01:07:49.137Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}