I'm a subcontractor doing some development work for one of your customers.
I notice that the login page for your forum (cms.digi.com/support/forum/login?to=) allows authentication over plaintext HTTP (http://cms.digi.com/support/forum/login?to=). An inline login form is presented on every non-authenticated page. Your web server really ought to force upgrading/redirecting all HTTP requests to HTTPS, since plaintext credentials can be transmitted from any forum page. Given how often humans reuse passwords, anybody positioned to capture forum credentials would likely find success in spraying them at a list of Digi devices scraped from Shodan.
XBIG Product ID: 0x806f
Firmware Version: 220.127.116.11 xbigw release gw-18.104.22.168 10/28/2019 13:23:07 CDT
Thanks for your consideration.