First published: Wed Apr 06 2022
Digi Passport Firmware through 1.5.1.1 is affected by a buffer overflow. An attacker can supply a string in the page parameter of the reboot.asp endpoint and force an overflow when the string is concatenated to the HTML body.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Digi Passport Firmware | <=1.5.1.1 | |
| Digi Passport | | |
The severity of CVE-2022-26953 is high with a CVSS score of 7.5.
Digi Passport Firmware versions up to and including 1.5.1.1 are affected by CVE-2022-26953.
An attacker can exploit CVE-2022-26953 by supplying a string in the 'page' parameter for the 'reboot.asp' endpoint, causing a buffer overflow when the string is concatenated to the HTML body.
No, Digi Passport devices are not vulnerable to CVE-2022-26953.
You can find more information about CVE-2022-26953 in the references provided: 'https://github.com/X-C3LL/PoC-CVEs/blob/master/CVE-2022-26952%20%26%20CVE-2022-26953/readme.md', 'https://hub.digi.com/dp/path=/support/asset/digi-passport-1.5.2-firmware-release-notes/', and 'https://hub.digi.com/support/products/infrastructure-management/digi-passport/'.
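The overflow described above comes from appending a request parameter to a fixed-size HTML buffer without checking its length. The following C sketch is an added example, not Digi's firmware code: the function names, `BODY_CAP`, the 64-byte limit, the character allow-list, the HTML text and the sample inputs are all assumptions chosen to show a bounded version of that concatenation.

```c
#include <stdio.h>
#include <string.h>

#define BODY_CAP 128 /* assumed size; the firmware's real buffer size is not on the page */

/* The overflow class in the advisory: strcpy(body, prefix); strcat(body, page);
 * copies the request-controlled `page` value with no regard for sizeof(body). */

/* Accept only characters expected in a page name (assumed policy). */
static int page_name_ok(const char *page)
{
    size_t len = strlen(page);
    if (len == 0 || len > 64)            /* 64 is an assumed upper bound */
        return 0;
    return strspn(page, "abcdefghijklmnopqrstuvwxyz"
                        "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789._-") == len;
}

/* Build the HTML body into out[cap]. Returns 0 on success, -1 if rejected. */
int build_reboot_body(char *out, size_t cap, const char *page)
{
    int n;
    if (out == NULL || cap == 0)
        return -1;
    out[0] = '\0';
    if (page == NULL || !page_name_ok(page))
        return -1;
    /* snprintf writes at most cap bytes and returns the length it needed. */
    n = snprintf(out, cap, "<html><body>Rebooting. Return to %s</body></html>", page);
    if (n < 0 || (size_t)n >= cap) {     /* would truncate: refuse, send nothing partial */
        out[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    char body[BODY_CAP];
    char longparam[512];                 /* constructed oversized input */
    memset(longparam, 'A', sizeof longparam - 1);
    longparam[sizeof longparam - 1] = '\0';
    printf("normal: %d\n", build_reboot_body(body, sizeof body, "status.asp"));
    printf("oversized: %d\n", build_reboot_body(body, sizeof body, longparam));
    return 0;
}
```
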