Breakfix

**Name of the Vulnerable Software and Affected Versions** Digi Passport Firmware versions 1.5.1,1 and earlier **Description** The issue is related to a buffer overflow in the function for building the Location header string when an unauthenticated user is redirected to the authentication page. An attacker can supply a string in the `page` parameter for the "reboot.asp" endpoint, allowing him to force an overflow when the string is concatenated to the HTML body. **Recommendations** For Digi Passport Firmware versions 1.5.1,1 and earlier, consider disabling the vulnerable function for building the Location header string until a patch is available. Restrict access to the "reboot.asp" endpoint to minimize the risk of exploitation. Avoid using the `page` parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Digi Passport Firmware versions 1.5.1,1 and earlier **Description** The issue is related to a buffer overflow. An attacker can supply a string in the `page` parameter for the "reboot.asp" endpoint, allowing him to force an overflow when the string is concatenated to the HTML body. **Recommendations** For Digi Passport Firmware versions 1.5.1,1 and earlier, consider disabling access to the "reboot.asp" endpoint until a patch is available. Restrict the use of the `page` parameter in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.