CRITICAL🇵🇱 Wersja polska

CVE-2022-2634

CVSS 10.0v3.1pub. 2022-08-10upd. 2024-11-21

An attacker may be able to execute malicious actions due to the lack of device access protections and device permissions when using the web application. This could lead to uploading python files which can be later executed.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Digi Connectport X2d

    HW
    Digi
    wszystkie wersje
  • Digi Connectport X2d Firmware

    OS
    Digi
    < 2020-01-01
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2023-4299CRITICAL9.0ten sam vendor

Digi RealPort Protocol is vulnerable to a replay attack that may allow an attacker to bypass authentication t...

CVE-2021-35978CRITICAL9.8ten sam vendor

An issue was discovered in Digi TransPort DR64, SR44 VC74, and WR. The ZING protocol allows arbitrary remote c...

CVE-2021-35977CRITICAL9.8ten sam vendor

An issue was discovered in Digi RealPort for Windows through 4.8.488.0. A buffer overflow exists in the handli...

CVE-2021-36767CRITICAL9.8ten sam vendor

In Digi RealPort through 4.10.490, authentication relies on a challenge-response mechanism that gives access t...

CVE-2021-38412CRITICAL9.6ten sam vendor

Properly formatted POST requests to multiple resources on the HTTP and HTTPS web servers of the Digi PortServe...