Digi PortServer TS
Easy fix2 remedies
cpe:2.3:h:digi:portserver_ts:*:*:*:*:*:*:*, +3 more
Easy fix2 remedies
- <= 82000747_AA, build date 06/17/2022
Digi Products Improper Authentication Vulnerability Allowing Unauthenticated Configuration Changes
Vulnerability
Patched
A vulnerability exists in several Digi product families, including PortServer TS (all versions prior to 2025), Digi One SP, SP IA, IA (versions prior to and including 82000774_Z, build date 10/19/2020), and Digi One IAP (versions prior to and including 82000770 Z, build date 10/19/2020). The issue arises from improper authentication handling in HTTP POST requests to the devices' web interfaces. This vulnerability may allow an unauthenticated attacker to modify configuration settings remotely.
Impact
Exploitation of this vulnerability could lead to unauthorized changes in device configuration, potentially disrupting normal operation or creating additional security risks.
Remediation
Users are advised to update their devices to the latest firmware version. For Digi One IAP, the latest firmware can be downloaded from the Digi One IAP Support Page. For PortServer TS and Digi One SP/IA, firmware updates are available on their respective support pages. If an immediate update is not possible, users should disable the web server when not actively configuring the device.
Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM
Vulnerability Rating
Custom Algorithm
spread
2.6impact
0.6exploitability
7.0remediation
7.9relevance
0.0threat
0.0urgency
2.9incentive
5.8Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.