HIGH🇬🇧 English

CVE-2021-37188

CVSS 8.8v3.1pub. 2021-12-10upd. 2024-11-21

An issue was discovered on Digi TransPort devices through 2021-07-21. An authenticated attacker may load customized firmware (because the bootloader does not verify that it is authentic), changing the behavior of the gateway.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Digi Transport Dr64

    HW
    Digi
    wszystkie wersje
  • Digi Transport Dr64 Firmware

    OS
    Digi
    ≤ 5.2.4.9
  • Digi Transport Sr44

    HW
    Digi
    wszystkie wersje
  • Digi Transport Vc74

    HW
    Digi
    wszystkie wersje
  • Digi Transport Vc74 Firmware

    OS
    Digi
    ≤ 5.2.4.9
  • Digi Transport Wr11

    HW
    Digi
    wszystkie wersje
  • Digi Transport Wr11 Firmware

    OS
    Digi
    ≤ 8.2.1.3
  • Digi Transport Wr11 Xt

    HW
    Digi
    wszystkie wersje
  • Digi Transport Wr11 Xt Firmware

    OS
    Digi
    ≤ 8.2.1.3
  • Digi Transport Wr21

    HW
    Digi
    wszystkie wersje
  • Digi Transport Wr21 Firmware

    OS
    Digi
    ≤ 8.2.1.3
  • Digi Transport Wr31

    HW
    Digi
    wszystkie wersje
  • Digi Transport Wr31 Firmware

    OS
    Digi
    ≤ 8.2.1.3
  • Digi Transport Wr41

    HW
    Digi
    wszystkie wersje
  • Digi Transport Wr41 Firmware

    OS
    Digi
    8.0.0.0 – 8.3.1.25.0.0.0 – 5.2.4.66.0.0.0 – 6.1.3.5
  • Digi Transport Wr44

    HW
    Digi
    v2
  • Digi Transport Wr44 Firmware

    OS
    Digi
    ≤ 8.3.1.2
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2023-4299CRITICAL9.0ten sam produkt

Digi RealPort Protocol is vulnerable to a replay attack that may allow an attacker to bypass authentication t...

CVE-2021-35978CRITICAL9.8ten sam produkt

An issue was discovered in Digi TransPort DR64, SR44 VC74, and WR. The ZING protocol allows arbitrary remote c...

CVE-2021-36767CRITICAL9.8ten sam produkt

In Digi RealPort through 4.10.490, authentication relies on a challenge-response mechanism that gives access t...

CVE-2021-35977CRITICAL9.8ten sam produkt

An issue was discovered in Digi RealPort for Windows through 4.8.488.0. A buffer overflow exists in the handli...

CVE-2021-37189HIGH7.5ten sam produkt

An issue was discovered on Digi TransPort Gateway devices through 5.2.13.4. They do not set the Secure attribu...