Digi Digi

  1. Vendors
  2. Digi

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Digi product.

RSS Feeds for Digi security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in Digi products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by Digi Sorted by Most Security Vulnerabilities since 2018

Digi Connectport Lts Firmware4 vulnerabilities

Digi Realport4 vulnerabilities

Digi Saros1 vulnerability

By the Year

In 2026 there have been 0 vulnerabilities in Digi. Digi did not have any published security vulnerabilities last year.




Year Vulnerabilities Average Score
2026 0 0.00
2025 0 0.00
2024 4 0.00
2023 1 8.10
2022 0 0.00
2021 3 9.23
2020 1 0.00

It may take a day or so for new Digi vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Digi Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2024-50628 Dec 09, 2024
Digi ConnectPort LTS Web Services Local Network Unauthorized Resource Manipulation Vulnerability An issue was discovered in the web services of Digi ConnectPort LTS before 1.4.12. It allows an attacker on the local area network to achieve unauthorized manipulation of resources, which may lead to remote code execution when combined with other issues.
Connectport Lts Firmware
CVE-2024-50627 Dec 09, 2024
Digi ConnectPort LTS Privilege Escalation via File Upload An issue was discovered in Digi ConnectPort LTS before 1.4.12. A Privilege Escalation vulnerability exists in the file upload feature. It allows an attacker on the local area network (with specific permissions) to upload and execute malicious files, potentially leading to unauthorized system access.
Connectport Lts Firmware
CVE-2024-50626 Dec 09, 2024
Digi ConnectPort LTS WebFS Directory Traversal Vulnerability An issue was discovered in Digi ConnectPort LTS before 1.4.12. A Directory Traversal vulnerability exists in WebFS. This allows an attacker on the local area network to manipulate URLs to include traversal sequences, potentially leading to unauthorized access to data.
Connectport Lts Firmware
CVE-2024-50625 Dec 09, 2024
Digi ConnectPort LTS Arbitrary File Upload Vulnerability An issue was discovered in Digi ConnectPort LTS before 1.4.12. A vulnerability in the file upload handling of a web application allows manipulation of file paths via POST requests. This can lead to arbitrary file uploads within specific directories, potentially enabling privilege escalation when combined with other vulnerabilities.
Connectport Lts Firmware
CVE-2023-4299 Aug 31, 2023
Digi RealPort Auth Bypass via Replay Attack Digi RealPort Protocol is vulnerable to a replay attack that may allow an attacker to bypass authentication to access connected equipment.
Realport
CVE-2021-35979 Oct 08, 2021
An issue was discovered in Digi RealPort through 4.8.488.0 An issue was discovered in Digi RealPort through 4.8.488.0. The 'encrypted' mode is vulnerable to man-in-the-middle attacks and does not perform authentication.
Realport
CVE-2021-35977 Oct 08, 2021
An issue was discovered in Digi RealPort for Windows through 4.8.488.0 An issue was discovered in Digi RealPort for Windows through 4.8.488.0. A buffer overflow exists in the handling of ADDP discovery response messages. This could result in arbitrary code execution.
Realport
CVE-2021-36767 Oct 08, 2021
In Digi RealPort through 4.10.490, authentication relies on a challenge-response mechanism In Digi RealPort through 4.10.490, authentication relies on a challenge-response mechanism that gives access to the server password, making the protection ineffective. An attacker may send an unauthenticated request to the server. The server will reply with a weakly-hashed version of the server's access password. The attacker may then crack this hash offline in order to successfully login to the server.
Realport
CVE-2020-10136 Jun 02, 2020
IP-in-IP protocol specifies IP Encapsulation within IP standard (RFC 2003, STD 1) IP-in-IP protocol specifies IP Encapsulation within IP standard (RFC 2003, STD 1) that decapsulate and route IP-in-IP traffic is vulnerable to spoofing, access-control bypass and other unexpected behavior due to the lack of validation to verify network packets before decapsulation and routing.
Saros
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.