An issue was discovered in Digi TransPort DR64, SR44 VC74, and WR. The ZING protocol allows arbitrary remote command execution with SUPER privileges. This allows an attacker (with knowledge of the protocol) to execute arbitrary code on the controller including overwriting firmware, adding/removing users, disabling the internal firewall, etc.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HDigi Transport Dr64
HWDigiwszystkie wersjeDigi Transport Dr64 Firmware
OSDigi≤ 5.2.4.9Digi Transport Sr44
HWDigiwszystkie wersjeDigi Transport Sr44 Firmware
OSDigiwszystkie wersjeDigi Transport Vc74
HWDigiwszystkie wersjeDigi Transport Vc74 Firmware
OSDigi≤ 5.2.4.9Digi Transport Wr11
HWDigiwszystkie wersjeDigi Transport Wr11 Firmware
OSDigi≤ 8.2.1.3Digi Transport Wr11 Xt
HWDigiwszystkie wersjeDigi Transport Wr11 Xt Firmware
OSDigi≤ 8.2.1.3Digi Transport Wr21
HWDigiwszystkie wersjeDigi Transport Wr21 Firmware
OSDigi≤ 8.2.1.3Digi Transport Wr31
HWDigiwszystkie wersjeDigi Transport Wr31 Firmware
OSDigi≤ 8.2.1.3Digi Transport Wr41
HWDigiwszystkie wersjeDigi Transport Wr41 Firmware
OSDigi8.0.0.0 – 8.3.1.25.0.0.0 – 5.2.4.66.0.0.0 – 6.1.3.5Digi Transport Wr44
HWDigiv2Digi Transport Wr44 Firmware
OSDigi≤ 8.3.1.2
Related vulnerabilities
Digi RealPort Protocol is vulnerable to a replay attack that may allow an attacker to bypass authentication t...
An issue was discovered in Digi RealPort for Windows through 4.8.488.0. A buffer overflow exists in the handli...
In Digi RealPort through 4.10.490, authentication relies on a challenge-response mechanism that gives access t...
An issue was discovered on Digi TransPort Gateway devices through 5.2.13.4. They do not set the Secure attribu...
An issue was discovered on Digi TransPort devices through 2021-07-21. An authenticated attacker may load custo...