

Jan 05, 2018 Spectre and Meltdown Vulnerabilities - (CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754)

Digi is aware of the recently disclosed Spectre and Meltdown vulnerabilities. These vulnerabilities impact the confidentiality of data processed on Intel, AMD and ARM processors.

For Digi hardware products, we do not use Intel or AMD processors, and as a consequence the "Meltdown" vulnerability does not affect Digi hardware products.

For the Spectre vulnerability, Digi security teams are working to determine the practical impacts and patches on Digi hardware products that use ARM processors.

For Digi Remote Manager & Device Cloud, we are working with our providers to address Spectre and Meltdown.

Additional information will be provided as soon as it is available. For more information on these vulnerabilities, please see the website https://meltdownattack.com/

Please continue to check this space for updates, or subscribe to the RSS feed above.

Nov 29, 2017 Discovered vulnerabilities with TransPort WR Series cellular routers

Three vulnerabilities have been found by Kaspersky Lab within the TransPort WR series routers. These vulnerabilities are rated from high to low. The impacted devices are the Digi TransPort WR11, WR21, WR41, WR44, and WR31. This includes the "R" and "RR" versions as well. The impacted services are SNMP, FTP, and the command line interface. For more information on the discovered vulnerabilities, including patches, mitigations, and overall risk, please see the knowledge base article.

Oct 30, 2017 BlueBorne Vulnerability
Digi is aware of the BlueBorne vulnerability related to the penetration of Bluetooth connections resulting in potentially unauthorized access to devices and/or data. BlueBorne affects ordinary computers, mobile phones, embedded devices, and other connected devices with Bluetooth connectivity. Please refer to https://www.armis.com/blueborne/ for detailed information about the vulnerability. For embedded products, we strongly recommend that customers review the available public information about the BlueBorne vulnerability and apply mitigation approaches, including already available fixes in the community. We also intend to provide fixes/workarounds for the related vulnerabilities as soon as possible. In the meantime, please contact us if you have any questions related to how this vulnerability may affect the Digi products/platforms you are using.
Oct 20, 2017 DNSmasq Network service (CVE-2017-14491)
We have evaluated the impact of this vulnerability on our devices, and have concluded that the TransPort LR54 is the only Digi device affected. We have made available a patch for this vulnerability in firmware versions and above. Please see the Digi support site for firmware releases for the LR54 product.
Oct 16, 2017 KRACK Attack
Digi is aware of a vulnerability within the Wi-Fi security protocol WPA2, known as the KRACK Attack. We have released new firmware for impacted products. For a full technical statement on affected products and workarounds, please see our knowledge base article.
Nov 10, 2016 OpenSSL - New Security Release 1.1.0c
We are still reviewing the impact of this on our devices. We believe that this will not have any impact for Digi, as we use the OpenSSL long term support (LTS) version, OpenSSL v1.0.2, in our products, and not v1.1.0.
Oct 21, 2016 Dirty COW - (CVE-2016-5195)
We are in the process of fully testing our products against this vulnerability. Currently, we have found a few devices that are slightly impacted. However, due to the product type, there is no way to effectively exploit the devices with this vulnerability.
Oct 01, 2017 Mirai Botnet Impact Investigations
At this time, we have reviewed this, and we are not aware of any of our devices that can be compromised by this botnet. We are continuing to monitor this in case this changes in the future.
Mar 03, 2017 Practical exploits against SHA1 hashing have now been discovered
Although we have been migrating our products away from SHA1 for the last few years, we are re-evaluating our products for any remaining SHA1 hash use. We anticipate that future releases will remove the SHA1 hash use and move to the stronger SHA3 or SHA2 routines.


May 03, 2017 Evaluation of Security Vulnerability VU#561444
Expanded info on CVE-2014-9222, CVE-2014-9223
Many Digi products contain and use the RomPager by Allegrosoft web server technology. It has come to our attention that this embedded web server, which is used for management of our devices, contains what we have defined as a critical vulnerability. We urge any customer who may have one of these products where the administrative web server is available on non-secure networks to either upgrade the firmware to a patched version or to disable the web server for management of these devices.