CVE-2022-26953

{"id": "CVE-2022-26953", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2022-04-06T01:15:07.143", "references": [{"url": "https://github.com/X-C3LL/PoC-CVEs/blob/master/CVE-2022-26952%20%26%20CVE-2022-26953/readme.md", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://hub.digi.com/dp/path=/support/asset/digi-passport-1.5.2-firmware-release-notes/", "tags": ["Release Notes", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://hub.digi.com/support/products/infrastructure-management/digi-passport/", "tags": ["Product", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "Digi Passport Firmware through 1.5.1,1 is affected by a buffer overflow. An attacker can supply a string in the page parameter for reboot.asp endpoint, allowing him to force an overflow when the string is concatenated to the HTML body."}, {"lang": "es", "value": "El firmware Digi Passport versiones hasta 1.5.1,1 est\u00e1 afectado por un desbordamiento de b\u00fafer. Un atacante puede suministrar una cadena en el par\u00e1metro de p\u00e1gina para el endpoint reboot.asp, permitiendo forzar un desbordamiento cuando la cadena es concatenada con el cuerpo HTML"}], "lastModified": "2022-04-12T19:31:12.877", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:digi:passport_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CDB03DD8-8A21-4E82-91F3-800F69CF69CF", "versionEndIncluding": "1.5.1.1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:digi:passport:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C6129E3F-BB64-47B1-8041-F955CAD1A139"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}