CRITICAL🇵🇱 Wersja polska

CVE-2021-36767

CVSS 9.8v3.1pub. 2021-10-08upd. 2024-11-21

In Digi RealPort through 4.10.490, authentication relies on a challenge-response mechanism that gives access to the server password, making the protection ineffective. An attacker may send an unauthenticated request to the server. The server will reply with a weakly-hashed version of the server's access password. The attacker may then crack this hash offline in order to successfully login to the server.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Digi 6350 Sr

    HW
    Digi
    wszystkie wersje
  • Digi 6350 Sr Firmware

    OS
    Digi
    wszystkie wersje
  • Digi Cm

    HW
    Digi
    wszystkie wersje
  • Digi Cm Firmware

    OS
    Digi
    wszystkie wersje
  • Digi Connect Es

    HW
    Digi
    wszystkie wersje
  • Digi Connect Es Firmware

    OS
    Digi
    wszystkie wersje
  • Digi Connectport Lts 8\/16\/32

    HW
    Digi
    wszystkie wersje
  • Digi Connectport Lts 8\/16\/32 Firmware

    OS
    Digi
    wszystkie wersje
  • Digi Connectport Ts 8\/16

    HW
    Digi
    wszystkie wersje
  • Digi Connectport Ts 8\/16 Firmware

    OS
    Digi
    wszystkie wersje
  • Digi One Ia

    HW
    Digi
    wszystkie wersje
  • Digi One Ia Firmware

    OS
    Digi
    wszystkie wersje
  • Digi One Iap

    HW
    Digi
    wszystkie wersje
  • Digi One Iap Firmware

    OS
    Digi
    wszystkie wersje
  • Digi One Iap Haz

    HW
    Digi
    wszystkie wersje
  • Digi One Iap Haz Firmware

    OS
    Digi
    wszystkie wersje
  • Digi Passport Integrated Console Server

    HW
    Digi
    wszystkie wersje
  • Digi Passport Integrated Console Server Firmware

    OS
    Digi
    wszystkie wersje
  • Digi Portserver Ts

    HW
    Digi
    wszystkie wersje
  • Digi Portserver Ts Firmware

    OS
    Digi
    wszystkie wersje
  • Digi Portserver Ts Mei

    HW
    Digi
    wszystkie wersje
  • Digi Portserver Ts Mei Firmware

    OS
    Digi
    wszystkie wersje
  • Digi Portserver Ts Mei Hardened

    HW
    Digi
    wszystkie wersje
  • Digi Portserver Ts Mei Hardened Firmware

    OS
    Digi
    wszystkie wersje
  • Digi Portserver Ts M Mei

    HW
    Digi
    wszystkie wersje
  • Digi Portserver Ts M Mei Firmware

    OS
    Digi
    wszystkie wersje
  • Digi Portserver Ts P Mei

    HW
    Digi
    wszystkie wersje
  • Digi Portserver Ts P Mei Firmware

    OS
    Digi
    wszystkie wersje
  • Digi Realport

    APP
    Digi
    ≤ 1.9-40≤ 4.10.490
  • Digi Transport Wr11 Xt

    HW
    Digi
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2023-4299CRITICAL9.0ten sam produkt

Digi RealPort Protocol is vulnerable to a replay attack that may allow an attacker to bypass authentication t...

CVE-2021-35978CRITICAL9.8ten sam produkt

An issue was discovered in Digi TransPort DR64, SR44 VC74, and WR. The ZING protocol allows arbitrary remote c...

CVE-2021-35977CRITICAL9.8ten sam produkt

An issue was discovered in Digi RealPort for Windows through 4.8.488.0. A buffer overflow exists in the handli...

CVE-2021-37188HIGH8.8ten sam produkt

An issue was discovered on Digi TransPort devices through 2021-07-21. An authenticated attacker may load custo...

CVE-2021-37189HIGH7.5ten sam produkt

An issue was discovered on Digi TransPort Gateway devices through 5.2.13.4. They do not set the Secure attribu...