Vulnerabilites related to digi - wr31
CVE-2021-35977 (GCVE-0-2021-35977)
Vulnerability from cvelistv5
Published
2021-10-08 14:19
Modified
2024-08-04 00:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Digi RealPort for Windows through 4.8.488.0. A buffer overflow exists in the handling of ADDP discovery response messages. This could result in arbitrary code execution.
References
| ▼ | URL | Tags |
|---|---|---|
| https://raw.githubusercontent.com/reidmefirst/vuln-disclosure/main/2021-02.txt | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:47:43.502Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://raw.githubusercontent.com/reidmefirst/vuln-disclosure/main/2021-02.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Digi RealPort for Windows through 4.8.488.0. A buffer overflow exists in the handling of ADDP discovery response messages. This could result in arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-08T14:19:04",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://raw.githubusercontent.com/reidmefirst/vuln-disclosure/main/2021-02.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-35977",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Digi RealPort for Windows through 4.8.488.0. A buffer overflow exists in the handling of ADDP discovery response messages. This could result in arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://raw.githubusercontent.com/reidmefirst/vuln-disclosure/main/2021-02.txt",
"refsource": "MISC",
"url": "https://raw.githubusercontent.com/reidmefirst/vuln-disclosure/main/2021-02.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-35977",
"datePublished": "2021-10-08T14:19:04",
"dateReserved": "2021-06-30T00:00:00",
"dateUpdated": "2024-08-04T00:47:43.502Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-35979 (GCVE-0-2021-35979)
Vulnerability from cvelistv5
Published
2021-10-08 14:21
Modified
2024-08-04 00:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Digi RealPort through 4.8.488.0. The 'encrypted' mode is vulnerable to man-in-the-middle attacks and does not perform authentication.
References
| ▼ | URL | Tags |
|---|---|---|
| https://raw.githubusercontent.com/reidmefirst/vuln-disclosure/main/2021-02.txt | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:47:42.592Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://raw.githubusercontent.com/reidmefirst/vuln-disclosure/main/2021-02.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Digi RealPort through 4.8.488.0. The \u0027encrypted\u0027 mode is vulnerable to man-in-the-middle attacks and does not perform authentication."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-08T14:21:22",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://raw.githubusercontent.com/reidmefirst/vuln-disclosure/main/2021-02.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-35979",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Digi RealPort through 4.8.488.0. The \u0027encrypted\u0027 mode is vulnerable to man-in-the-middle attacks and does not perform authentication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://raw.githubusercontent.com/reidmefirst/vuln-disclosure/main/2021-02.txt",
"refsource": "MISC",
"url": "https://raw.githubusercontent.com/reidmefirst/vuln-disclosure/main/2021-02.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-35979",
"datePublished": "2021-10-08T14:21:22",
"dateReserved": "2021-06-30T00:00:00",
"dateUpdated": "2024-08-04T00:47:42.592Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-36767 (GCVE-0-2021-36767)
Vulnerability from cvelistv5
Published
2021-10-08 14:22
Modified
2024-08-04 01:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Digi RealPort through 4.10.490, authentication relies on a challenge-response mechanism that gives access to the server password, making the protection ineffective. An attacker may send an unauthenticated request to the server. The server will reply with a weakly-hashed version of the server's access password. The attacker may then crack this hash offline in order to successfully login to the server.
References
| ▼ | URL | Tags |
|---|---|---|
| https://raw.githubusercontent.com/reidmefirst/vuln-disclosure/main/2021-02.txt | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:01:59.227Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://raw.githubusercontent.com/reidmefirst/vuln-disclosure/main/2021-02.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Digi RealPort through 4.10.490, authentication relies on a challenge-response mechanism that gives access to the server password, making the protection ineffective. An attacker may send an unauthenticated request to the server. The server will reply with a weakly-hashed version of the server\u0027s access password. The attacker may then crack this hash offline in order to successfully login to the server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-01T00:30:16",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://raw.githubusercontent.com/reidmefirst/vuln-disclosure/main/2021-02.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-36767",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Digi RealPort through 4.10.490, authentication relies on a challenge-response mechanism that gives access to the server password, making the protection ineffective. An attacker may send an unauthenticated request to the server. The server will reply with a weakly-hashed version of the server\u0027s access password. The attacker may then crack this hash offline in order to successfully login to the server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://raw.githubusercontent.com/reidmefirst/vuln-disclosure/main/2021-02.txt",
"refsource": "MISC",
"url": "https://raw.githubusercontent.com/reidmefirst/vuln-disclosure/main/2021-02.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-36767",
"datePublished": "2021-10-08T14:22:57",
"dateReserved": "2021-07-16T00:00:00",
"dateUpdated": "2024-08-04T01:01:59.227Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4299 (GCVE-0-2023-4299)
Vulnerability from cvelistv5
Published
2023-08-31 20:45
Modified
2025-01-16 21:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Digi RealPort Protocol is vulnerable to a replay attack that may allow an attacker to bypass authentication to access connected equipment.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:24:04.616Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-04"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.digi.com/getattachment/resources/security/alerts/realport-cves/Dragos-Disclosure-Statement.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4299",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T21:20:30.564576Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T21:30:37.810Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Digi RealPort",
"vendor": "Digi International ",
"versions": [
{
"lessThanOrEqual": "4.8.488.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "Digi RealPort",
"vendor": "Digi International ",
"versions": [
{
"lessThanOrEqual": "1.9-40",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Digi ConnectPort TS 8/16",
"vendor": "Digi International ",
"versions": [
{
"lessThan": "2.26.2.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Digi Passport Console Server",
"vendor": "Digi International ",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Digi ConnectPort LTS 8/16/32",
"vendor": "Digi International ",
"versions": [
{
"lessThan": "1.4.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Digi CM Console Server",
"vendor": "Digi International ",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Digi PortServer TS",
"vendor": "Digi International ",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Digi PortServer TS MEI",
"vendor": "Digi International ",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Digi PortServer TS MEI Hardened",
"vendor": "Digi International ",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Digi PortServer TS M MEI",
"vendor": "Digi International ",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Digi PortServer TS P MEI",
"vendor": "Digi International ",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Digi One IAP Family",
"vendor": "Digi International ",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Digi One IA",
"vendor": "Digi International ",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Digi One SP IA",
"vendor": "Digi International ",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "\u200bDigi One SP",
"vendor": "Digi International ",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Digi WR31",
"vendor": "Digi International ",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Digi WR11 XT",
"vendor": "Digi International ",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Digi WR44 R",
"vendor": "Digi International ",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Digi WR21",
"vendor": "Digi International ",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Digi Connect ES",
"vendor": "Digi International ",
"versions": [
{
"lessThan": "2.26.2.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Digi Connect SP",
"vendor": "Digi International ",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Digi 6350-SR",
"vendor": "Digi International ",
"versions": [
{
"status": "unaffected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Digi ConnectCore 8X products",
"vendor": "Digi International ",
"versions": [
{
"status": "unaffected",
"version": "all versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Reid Wightman of Dragos, Inc reported this vulnerability to Digi International."
}
],
"datePublic": "2023-08-31T20:29:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDigi RealPort Protocol is vulnerable to a replay attack that may allow an attacker to bypass authentication to access connected equipment.\u003c/span\u003e\n\n"
}
],
"value": "\nDigi RealPort Protocol is vulnerable to a replay attack that may allow an attacker to bypass authentication to access connected equipment.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-836",
"description": "CWE-836",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-31T20:45:43.866Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-04"
},
{
"url": "https://www.digi.com/getattachment/resources/security/alerts/realport-cves/Dragos-Disclosure-Statement.pdf"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eDigi International recommends users acquire and install patches that they have made available for the following products:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u200bRealPort software for Windows: Fixed in 4.10.490\u003c/li\u003e\u003cli\u003e\u200bDigi ConnectPort TS 8/16: Fixed in firmware version 2.26.2.4\u003c/li\u003e\u003cli\u003e\u200bDigi ConnectPort LTS 8/16/32: Fixed in version 1.4.9\u003c/li\u003e\u003cli\u003e\u200bDigi Connect ES: Fixed in firmware version 2.26.2.4\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u200bFor more information, see the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.digi.com/getattachment/resources/security/alerts/realport-cves/Dragos-Disclosure-Statement.pdf\"\u003ecustomer notification document\u003c/a\u003e\u0026nbsp;published by Digi International.\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "\nDigi International recommends users acquire and install patches that they have made available for the following products:\n\n * \u200bRealPort software for Windows: Fixed in 4.10.490\n * \u200bDigi ConnectPort TS 8/16: Fixed in firmware version 2.26.2.4\n * \u200bDigi ConnectPort LTS 8/16/32: Fixed in version 1.4.9\n * \u200bDigi Connect ES: Fixed in firmware version 2.26.2.4\n\n\n\u200bFor more information, see the customer notification document https://www.digi.com/getattachment/resources/security/alerts/realport-cves/Dragos-Disclosure-Statement.pdf \u00a0published by Digi International.\n\n\n\n\n"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Digi RealPort Protocol Use of Password Hash Instead of Password for Authentication",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eDragos recommends restricting access to Digi devices on TCP/771 (default) or TCP/1027 (if encryption is enabled, this is the default port). Only allow the workstations which initiate RealPort connections to communicate to the field equipment on those ports. Note that most of Digi\u0027s devices allow you to change the setting for which TCP port the RealPort service runs on, so end users should consult their device configuration and restrict access to the configured port if it is not the default.\u003c/p\u003e\u003cp\u003e\u200bIf using the system in \u0027reverse\u0027 mode, where the Digi device calls back to the Windows or Linux workstation, then Dragos recommends restricting access to the workstation on TCP/771 or TCP/1027 to known Digi RealPort devices on your network. This port may be configured by end users, so consult the workstation and device configurations to ensure coverage.\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "\nDragos recommends restricting access to Digi devices on TCP/771 (default) or TCP/1027 (if encryption is enabled, this is the default port). Only allow the workstations which initiate RealPort connections to communicate to the field equipment on those ports. Note that most of Digi\u0027s devices allow you to change the setting for which TCP port the RealPort service runs on, so end users should consult their device configuration and restrict access to the configured port if it is not the default.\n\n\u200bIf using the system in \u0027reverse\u0027 mode, where the Digi device calls back to the Windows or Linux workstation, then Dragos recommends restricting access to the workstation on TCP/771 or TCP/1027 to known Digi RealPort devices on your network. This port may be configured by end users, so consult the workstation and device configurations to ensure coverage.\n\n\n\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-4299",
"datePublished": "2023-08-31T20:45:43.866Z",
"dateReserved": "2023-08-10T20:14:27.489Z",
"dateUpdated": "2025-01-16T21:30:37.810Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2023-08-31 21:15
Modified
2024-11-21 08:34
Severity ?
9.0 (Critical) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Digi RealPort Protocol is vulnerable to a replay attack that may allow an attacker to bypass authentication to access connected equipment.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-04 | Third Party Advisory, US Government Resource | |
| ics-cert@hq.dhs.gov | https://www.digi.com/getattachment/resources/security/alerts/realport-cves/Dragos-Disclosure-Statement.pdf | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-04 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.digi.com/getattachment/resources/security/alerts/realport-cves/Dragos-Disclosure-Statement.pdf | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digi | realport | * | |
| digi | realport | * | |
| digi | connectport_ts_8\/16_firmware | * | |
| digi | connectport_ts_8\/16 | - | |
| digi | passport_firmware | - | |
| digi | passport | - | |
| digi | connectport_lts_8\/16\/32_firmware | * | |
| digi | connectport_lts_8\/16\/32 | - | |
| digi | cm_firmware | - | |
| digi | cm | - | |
| digi | portserver_ts_firmware | - | |
| digi | portserver_ts | - | |
| digi | portserver_ts_mei_firmware | - | |
| digi | portserver_ts_mei | - | |
| digi | portserver_ts_mei_hardened_firmware | - | |
| digi | portserver_ts_mei_hardened | - | |
| digi | portserver_ts_m_mei_firmware | - | |
| digi | portserver_ts_m_mei | - | |
| digi | portserver_ts_p_mei_firmware | - | |
| digi | portserver_ts_p_mei | - | |
| digi | one_iap_firmware | - | |
| digi | one_iap | - | |
| digi | one_ia_firmware | - | |
| digi | one_ia | - | |
| digi | one_sp_ia_firmware | - | |
| digi | one_sp_ia | - | |
| digi | one_sp_firmware | - | |
| digi | one_sp | - | |
| digi | wr31_firmware | - | |
| digi | wr31 | - | |
| digi | transport_wr11_xt_firmware | - | |
| digi | transport_wr11_xt | - | |
| digi | wr44_r_firmware | - | |
| digi | wr44_r | - | |
| digi | wr21_firmware | - | |
| digi | wr21 | - | |
| digi | connect_es_firmware | * | |
| digi | connect_es | - | |
| digi | connect_sp_firmware | - | |
| digi | connect_sp | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digi:realport:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "D59A75BB-9159-4631-BC71-39969604EB41",
"versionEndIncluding": "1.9-40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digi:realport:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "4051C215-7A7D-44AF-8194-ABB054C8C0AA",
"versionEndIncluding": "4.8.488.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:digi:connectport_ts_8\\/16_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "140FCBA8-D74A-4889-9581-2A1E354DE70B",
"versionEndExcluding": "2.26.2.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:digi:connectport_ts_8\\/16:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E90551D8-A6FF-40EE-BE92-C60D3CCF9FD6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:digi:passport_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "42EC9732-7287-4295-9A45-BAEB9C3D7D52",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:digi:passport:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6129E3F-BB64-47B1-8041-F955CAD1A139",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:digi:connectport_lts_8\\/16\\/32_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4974BD84-B144-45C6-BA1D-E651FA93F8C1",
"versionEndExcluding": "1.4.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:digi:connectport_lts_8\\/16\\/32:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0620D1B-2856-4EDC-9BD4-F450375EF2B6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:digi:cm_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "580B6AD7-98A4-4656-BC4B-EEBC15D86BFA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:digi:cm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A9DDFA4-8F21-47E4-97D0-3B135072E273",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:digi:portserver_ts_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89CC1603-A6ED-48A2-AC9B-EC11F00E0C02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:digi:portserver_ts:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE6377CC-097B-4775-9964-338A3CFA87CA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:digi:portserver_ts_mei_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ACE660D5-F5D8-4449-9A11-61A290E8B6A5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:digi:portserver_ts_mei:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C8206DA8-2823-4116-9E76-975C9A3F2EF7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:digi:portserver_ts_mei_hardened_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7A1C8BFC-EA8C-45A9-8391-A578BD2129BB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:digi:portserver_ts_mei_hardened:-:*:*:*:*:*:*:*",
"matchCriteriaId": "817E2152-5A72-4B88-A1A1-8CFEFA134979",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:digi:portserver_ts_m_mei_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "70583280-A89A-470B-B8C3-DF8151F43D79",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:digi:portserver_ts_m_mei:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8FC7BF4B-3C56-44B2-8933-E24ACCA000E1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:digi:portserver_ts_p_mei_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "07964E3F-C71E-455C-90C1-E59350924F92",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:digi:portserver_ts_p_mei:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C711FEFA-0A37-4B97-AAC0-D0330D9F5E55",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:digi:one_iap_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "01501047-CD6D-490C-984E-441939D077A4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:digi:one_iap:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0CF501FC-E102-4D8D-A2B7-6F9D0F444959",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:digi:one_ia_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1E409760-A00D-4485-BACD-5EE5453BA1BA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:digi:one_ia:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7BE8C4FB-9DB5-4A32-8EFC-69B746BF2E33",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:digi:one_sp_ia_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1AB7FF5F-02DE-4848-AA66-9F71CEBEDB5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:digi:one_sp_ia:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6B2D2BF-01FA-4F15-A747-CB315E27E94E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:digi:one_sp_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "61E623C5-610E-4B76-81DE-94B9783E3B17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:digi:one_sp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "85CDFA6C-067B-4D3B-8448-034286F36E69",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:digi:wr31_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "24D3E7C4-92B1-4C98-A9EE-0D1B0F00914D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:digi:wr31:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A9F02872-5C53-419B-902C-4906E546C8B7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:digi:transport_wr11_xt_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "76684195-7836-4EDF-AE59-CB4A5CE938AD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:digi:transport_wr11_xt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "10850ACB-E28F-4AC7-ABA0-EDFF2D2F9EF6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:digi:wr44_r_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D08ACA8-BF3A-4401-AB11-1D92CA7933A1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:digi:wr44_r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8F5E08FD-5872-4E42-BDA7-2B15CF49C06D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:digi:wr21_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4FE33679-08C1-4133-8D51-05B1EBC21B99",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:digi:wr21:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EC0E5E9-FBFE-4C99-9C68-6322B255BE88",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:digi:connect_es_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "36063F6A-E10E-45FF-98D4-F90A995428C5",
"versionEndExcluding": "2.26.2.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:digi:connect_es:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7EF02532-005E-4246-AA51-DAC2EA1726FF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:digi:connect_sp_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9732CC2E-BD0F-4528-819C-A214B4810C2B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:digi:connect_sp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EAF15AE4-A3AD-4AB2-AFCA-05C1946972F6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\nDigi RealPort Protocol is vulnerable to a replay attack that may allow an attacker to bypass authentication to access connected equipment.\n\n"
},
{
"lang": "es",
"value": "El protocolo Digi RealPort es vulnerable a un ataque de repetici\u00f3n que puede permitir a un atacante saltarse la autenticaci\u00f3n para acceder a los equipos conectados. "
}
],
"id": "CVE-2023-4299",
"lastModified": "2024-11-21T08:34:48.760",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 6.0,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-31T21:15:09.183",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-04"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Vendor Advisory"
],
"url": "https://www.digi.com/getattachment/resources/security/alerts/realport-cves/Dragos-Disclosure-Statement.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-04"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.digi.com/getattachment/resources/security/alerts/realport-cves/Dragos-Disclosure-Statement.pdf"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-836"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-10-08 15:15
Modified
2024-11-21 06:14
Severity ?
Summary
In Digi RealPort through 4.10.490, authentication relies on a challenge-response mechanism that gives access to the server password, making the protection ineffective. An attacker may send an unauthenticated request to the server. The server will reply with a weakly-hashed version of the server's access password. The attacker may then crack this hash offline in order to successfully login to the server.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digi | realport | * | |
| digi | realport | * | |
| digi | connectport_ts_8\/16_firmware | * | |
| digi | connectport_ts_8\/16 | - | |
| digi | connectport_lts_8\/16\/32_firmware | * | |
| digi | connectport_lts_8\/16\/32 | - | |
| digi | passport_integrated_console_server_firmware | * | |
| digi | passport_integrated_console_server | - | |
| digi | cm_firmware | * | |
| digi | cm | - | |
| digi | portserver_ts_firmware | * | |
| digi | portserver_ts | - | |
| digi | portserver_ts_mei_firmware | * | |
| digi | portserver_ts_mei | - | |
| digi | portserver_ts_mei_hardened_firmware | * | |
| digi | portserver_ts_mei_hardened | - | |
| digi | portserver_ts_m_mei_firmware | * | |
| digi | portserver_ts_m_mei | - | |
| digi | 6350-sr_firmware | * | |
| digi | 6350-sr | - | |
| digi | portserver_ts_p_mei_firmware | * | |
| digi | portserver_ts_p_mei | - | |
| digi | transport_wr11_xt_firmware | * | |
| digi | transport_wr11_xt | - | |
| digi | one_ia_firmware | * | |
| digi | one_ia | - | |
| digi | wr31_firmware | * | |
| digi | wr31 | - | |
| digi | wr44_r_firmware | * | |
| digi | wr44_r | - | |
| digi | connect_es_firmware | * | |
| digi | connect_es | - | |
| digi | wr21_firmware | * | |
| digi | wr21 | - | |
| digi | one_iap_firmware | * | |
| digi | one_iap | - | |
| digi | one_iap_haz_firmware | * | |
| digi | one_iap_haz | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digi:realport:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "D59A75BB-9159-4631-BC71-39969604EB41",
"versionEndIncluding": "1.9-40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digi:realport:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "E2542E98-F70D-4208-948A-BD69E7A29BA5",
"versionEndIncluding": "4.10.490",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:digi:connectport_ts_8\\/16_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CF9EA753-1CAC-4A67-B856-3C10C5B4B46D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:digi:connectport_ts_8\\/16:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E90551D8-A6FF-40EE-BE92-C60D3CCF9FD6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:digi:connectport_lts_8\\/16\\/32_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "61EB8CA2-2B8B-454B-A626-F62D0FE5CD9A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:digi:connectport_lts_8\\/16\\/32:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0620D1B-2856-4EDC-9BD4-F450375EF2B6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:digi:passport_integrated_console_server_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E2115058-245C-4FF7-97BB-67BA9C109B0D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:digi:passport_integrated_console_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "445C5BA3-6733-40C8-B895-D9AED69F6825",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:digi:cm_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EC630FB9-26EE-4287-A140-9C29D583E672",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:digi:cm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A9DDFA4-8F21-47E4-97D0-3B135072E273",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:digi:portserver_ts_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D816746-F642-49BE-8C29-FCC39FB9684A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:digi:portserver_ts:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE6377CC-097B-4775-9964-338A3CFA87CA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:digi:portserver_ts_mei_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DAFB437A-6204-43CF-8567-6B271C8A6A53",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:digi:portserver_ts_mei:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C8206DA8-2823-4116-9E76-975C9A3F2EF7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:digi:portserver_ts_mei_hardened_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5ED9E7D9-03F9-4707-9A84-B94F4B47C940",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:digi:portserver_ts_mei_hardened:-:*:*:*:*:*:*:*",
"matchCriteriaId": "817E2152-5A72-4B88-A1A1-8CFEFA134979",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:digi:portserver_ts_m_mei_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "04BA6165-F33E-4D34-A4E2-B658601A87F8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:digi:portserver_ts_m_mei:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8FC7BF4B-3C56-44B2-8933-E24ACCA000E1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:digi:6350-sr_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "77B38406-6CF6-4E03-8637-E3A34E652887",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:digi:6350-sr:-:*:*:*:*:*:*:*",
"matchCriteriaId": "511A91D4-E530-4DAB-8D27-1171D3580DC5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:digi:portserver_ts_p_mei_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E98CE064-C7CE-44BB-867F-C1589BF53FA5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:digi:portserver_ts_p_mei:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C711FEFA-0A37-4B97-AAC0-D0330D9F5E55",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:digi:transport_wr11_xt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D678EC7F-5B4F-4CE5-83EE-8BB496011D02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:digi:transport_wr11_xt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "10850ACB-E28F-4AC7-ABA0-EDFF2D2F9EF6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:digi:one_ia_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E04D204A-CEA9-4A2C-9E08-6315007384B0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:digi:one_ia:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7BE8C4FB-9DB5-4A32-8EFC-69B746BF2E33",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:digi:wr31_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ED6848D4-90FB-4916-B5FF-7194BE75041E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:digi:wr31:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A9F02872-5C53-419B-902C-4906E546C8B7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:digi:wr44_r_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ED26070C-69AD-4549-9F13-9FF7AA3B3AFF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:digi:wr44_r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8F5E08FD-5872-4E42-BDA7-2B15CF49C06D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:digi:connect_es_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "70664D1E-6E97-488E-BF8E-4C36C02D162B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:digi:connect_es:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7EF02532-005E-4246-AA51-DAC2EA1726FF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:digi:wr21_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E2BE2DA9-A83A-48FA-A3BB-0E8E2FCB959C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:digi:wr21:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EC0E5E9-FBFE-4C99-9C68-6322B255BE88",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:digi:one_iap_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "01C62882-7FFC-433F-A7B6-391C1556B014",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:digi:one_iap:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0CF501FC-E102-4D8D-A2B7-6F9D0F444959",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:digi:one_iap_haz_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6FBD34A8-00DE-4D4B-A018-1863690449E5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:digi:one_iap_haz:-:*:*:*:*:*:*:*",
"matchCriteriaId": "87EFFFBB-DBE5-43D2-AFBE-661F942B745C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Digi RealPort through 4.10.490, authentication relies on a challenge-response mechanism that gives access to the server password, making the protection ineffective. An attacker may send an unauthenticated request to the server. The server will reply with a weakly-hashed version of the server\u0027s access password. The attacker may then crack this hash offline in order to successfully login to the server."
},
{
"lang": "es",
"value": "En Digi RealPort hasta la versi\u00f3n 4.10.490, la autenticaci\u00f3n se basa en un mecanismo de desaf\u00edo-respuesta que da acceso a la contrase\u00f1a del servidor, lo que hace que la protecci\u00f3n sea ineficaz. Un atacante puede enviar una solicitud no autenticada al servidor. El servidor responder\u00e1 con una versi\u00f3n d\u00e9bilmente codificada de la contrase\u00f1a de acceso al servidor. El atacante puede entonces descifrar este hash fuera de l\u00ednea con el fin de iniciar sesi\u00f3n con \u00e9xito en el servidor"
}
],
"id": "CVE-2021-36767",
"lastModified": "2024-11-21T06:14:03.237",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-08T15:15:09.037",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://raw.githubusercontent.com/reidmefirst/vuln-disclosure/main/2021-02.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://raw.githubusercontent.com/reidmefirst/vuln-disclosure/main/2021-02.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-916"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-10-08 15:15
Modified
2024-11-21 06:12
Severity ?
Summary
An issue was discovered in Digi RealPort for Windows through 4.8.488.0. A buffer overflow exists in the handling of ADDP discovery response messages. This could result in arbitrary code execution.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digi | realport | * | |
| digi | realport | * | |
| digi | connectport_ts_8\/16_firmware | * | |
| digi | connectport_ts_8\/16 | - | |
| digi | connectport_lts_8\/16\/32_firmware | * | |
| digi | connectport_lts_8\/16\/32 | - | |
| digi | passport_integrated_console_server_firmware | * | |
| digi | passport_integrated_console_server | - | |
| digi | cm_firmware | * | |
| digi | cm | - | |
| digi | portserver_ts_firmware | * | |
| digi | portserver_ts | - | |
| digi | portserver_ts_mei_firmware | * | |
| digi | portserver_ts_mei | - | |
| digi | portserver_ts_mei_hardened_firmware | * | |
| digi | portserver_ts_mei_hardened | - | |
| digi | portserver_ts_m_mei_firmware | * | |
| digi | portserver_ts_m_mei | - | |
| digi | 6350-sr_firmware | * | |
| digi | 6350-sr | - | |
| digi | portserver_ts_p_mei_firmware | * | |
| digi | portserver_ts_p_mei | - | |
| digi | transport_wr11_xt_firmware | * | |
| digi | transport_wr11_xt | - | |
| digi | one_iap_family_firmware | * | |
| digi | one_iap_family | - | |
| digi | one_ia_firmware | * | |
| digi | one_ia | - | |
| digi | wr31_firmware | * | |
| digi | wr31 | - | |
| digi | wr44_r_firmware | * | |
| digi | wr44_r | - | |
| digi | connect_es_firmware | * | |
| digi | connect_es | - | |
| digi | wr21_firmware | * | |
| digi | wr21 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digi:realport:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "D59A75BB-9159-4631-BC71-39969604EB41",
"versionEndIncluding": "1.9-40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digi:realport:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "4051C215-7A7D-44AF-8194-ABB054C8C0AA",
"versionEndIncluding": "4.8.488.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:digi:connectport_ts_8\\/16_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CF9EA753-1CAC-4A67-B856-3C10C5B4B46D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:digi:connectport_ts_8\\/16:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E90551D8-A6FF-40EE-BE92-C60D3CCF9FD6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:digi:connectport_lts_8\\/16\\/32_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "61EB8CA2-2B8B-454B-A626-F62D0FE5CD9A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:digi:connectport_lts_8\\/16\\/32:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0620D1B-2856-4EDC-9BD4-F450375EF2B6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:digi:passport_integrated_console_server_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E2115058-245C-4FF7-97BB-67BA9C109B0D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:digi:passport_integrated_console_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "445C5BA3-6733-40C8-B895-D9AED69F6825",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:digi:cm_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EC630FB9-26EE-4287-A140-9C29D583E672",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:digi:cm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A9DDFA4-8F21-47E4-97D0-3B135072E273",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:digi:portserver_ts_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D816746-F642-49BE-8C29-FCC39FB9684A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:digi:portserver_ts:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE6377CC-097B-4775-9964-338A3CFA87CA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:digi:portserver_ts_mei_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DAFB437A-6204-43CF-8567-6B271C8A6A53",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:digi:portserver_ts_mei:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C8206DA8-2823-4116-9E76-975C9A3F2EF7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:digi:portserver_ts_mei_hardened_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5ED9E7D9-03F9-4707-9A84-B94F4B47C940",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:digi:portserver_ts_mei_hardened:-:*:*:*:*:*:*:*",
"matchCriteriaId": "817E2152-5A72-4B88-A1A1-8CFEFA134979",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:digi:portserver_ts_m_mei_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "04BA6165-F33E-4D34-A4E2-B658601A87F8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:digi:portserver_ts_m_mei:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8FC7BF4B-3C56-44B2-8933-E24ACCA000E1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:digi:6350-sr_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "77B38406-6CF6-4E03-8637-E3A34E652887",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:digi:6350-sr:-:*:*:*:*:*:*:*",
"matchCriteriaId": "511A91D4-E530-4DAB-8D27-1171D3580DC5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:digi:portserver_ts_p_mei_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E98CE064-C7CE-44BB-867F-C1589BF53FA5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:digi:portserver_ts_p_mei:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C711FEFA-0A37-4B97-AAC0-D0330D9F5E55",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:digi:transport_wr11_xt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D678EC7F-5B4F-4CE5-83EE-8BB496011D02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:digi:transport_wr11_xt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "10850ACB-E28F-4AC7-ABA0-EDFF2D2F9EF6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:digi:one_iap_family_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "59992E4A-F342-4EE0-8050-BEA624A92640",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:digi:one_iap_family:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EE6848E4-F446-4D2D-9D01-9B9C23DF203B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:digi:one_ia_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E04D204A-CEA9-4A2C-9E08-6315007384B0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:digi:one_ia:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7BE8C4FB-9DB5-4A32-8EFC-69B746BF2E33",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:digi:wr31_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ED6848D4-90FB-4916-B5FF-7194BE75041E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:digi:wr31:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A9F02872-5C53-419B-902C-4906E546C8B7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:digi:wr44_r_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ED26070C-69AD-4549-9F13-9FF7AA3B3AFF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:digi:wr44_r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8F5E08FD-5872-4E42-BDA7-2B15CF49C06D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:digi:connect_es_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "70664D1E-6E97-488E-BF8E-4C36C02D162B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:digi:connect_es:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7EF02532-005E-4246-AA51-DAC2EA1726FF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:digi:wr21_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E2BE2DA9-A83A-48FA-A3BB-0E8E2FCB959C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:digi:wr21:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EC0E5E9-FBFE-4C99-9C68-6322B255BE88",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Digi RealPort for Windows through 4.8.488.0. A buffer overflow exists in the handling of ADDP discovery response messages. This could result in arbitrary code execution."
},
{
"lang": "es",
"value": "Se ha detectado un problema en Digi RealPort para Windows versiones hasta 4.8.488.0. Se presenta un desbordamiento del b\u00fafer en el manejo de los mensajes de respuesta de detecci\u00f3n ADDP. Esto podr\u00eda dar lugar a una ejecuci\u00f3n de c\u00f3digo arbitrario"
}
],
"id": "CVE-2021-35977",
"lastModified": "2024-11-21T06:12:52.510",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-08T15:15:08.870",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://raw.githubusercontent.com/reidmefirst/vuln-disclosure/main/2021-02.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://raw.githubusercontent.com/reidmefirst/vuln-disclosure/main/2021-02.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-10-08 15:15
Modified
2024-11-21 06:12
Severity ?
Summary
An issue was discovered in Digi RealPort through 4.8.488.0. The 'encrypted' mode is vulnerable to man-in-the-middle attacks and does not perform authentication.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| digi | realport | * | |
| digi | realport | * | |
| digi | connectport_ts_8\/16_firmware | * | |
| digi | connectport_ts_8\/16 | - | |
| digi | connectport_lts_8\/16\/32_firmware | * | |
| digi | connectport_lts_8\/16\/32 | - | |
| digi | passport_integrated_console_server_firmware | * | |
| digi | passport_integrated_console_server | - | |
| digi | cm_firmware | * | |
| digi | cm | - | |
| digi | portserver_ts_firmware | * | |
| digi | portserver_ts | - | |
| digi | portserver_ts_mei_firmware | * | |
| digi | portserver_ts_mei | - | |
| digi | portserver_ts_mei_hardened_firmware | * | |
| digi | portserver_ts_mei_hardened | - | |
| digi | portserver_ts_m_mei_firmware | * | |
| digi | portserver_ts_m_mei | - | |
| digi | 6350-sr_firmware | * | |
| digi | 6350-sr | - | |
| digi | portserver_ts_p_mei_firmware | * | |
| digi | portserver_ts_p_mei | - | |
| digi | transport_wr11_xt_firmware | * | |
| digi | transport_wr11_xt | - | |
| digi | one_iap_family_firmware | * | |
| digi | one_iap_family | - | |
| digi | one_ia_firmware | * | |
| digi | one_ia | - | |
| digi | wr31_firmware | * | |
| digi | wr31 | - | |
| digi | wr44_r_firmware | * | |
| digi | wr44_r | - | |
| digi | connect_es_firmware | * | |
| digi | connect_es | - | |
| digi | wr21_firmware | * | |
| digi | wr21 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:digi:realport:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "D59A75BB-9159-4631-BC71-39969604EB41",
"versionEndIncluding": "1.9-40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:digi:realport:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "4051C215-7A7D-44AF-8194-ABB054C8C0AA",
"versionEndIncluding": "4.8.488.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:digi:connectport_ts_8\\/16_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CF9EA753-1CAC-4A67-B856-3C10C5B4B46D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:digi:connectport_ts_8\\/16:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E90551D8-A6FF-40EE-BE92-C60D3CCF9FD6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:digi:connectport_lts_8\\/16\\/32_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "61EB8CA2-2B8B-454B-A626-F62D0FE5CD9A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:digi:connectport_lts_8\\/16\\/32:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0620D1B-2856-4EDC-9BD4-F450375EF2B6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:digi:passport_integrated_console_server_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E2115058-245C-4FF7-97BB-67BA9C109B0D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:digi:passport_integrated_console_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "445C5BA3-6733-40C8-B895-D9AED69F6825",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:digi:cm_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EC630FB9-26EE-4287-A140-9C29D583E672",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:digi:cm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A9DDFA4-8F21-47E4-97D0-3B135072E273",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:digi:portserver_ts_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D816746-F642-49BE-8C29-FCC39FB9684A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:digi:portserver_ts:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE6377CC-097B-4775-9964-338A3CFA87CA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:digi:portserver_ts_mei_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DAFB437A-6204-43CF-8567-6B271C8A6A53",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:digi:portserver_ts_mei:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C8206DA8-2823-4116-9E76-975C9A3F2EF7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:digi:portserver_ts_mei_hardened_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5ED9E7D9-03F9-4707-9A84-B94F4B47C940",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:digi:portserver_ts_mei_hardened:-:*:*:*:*:*:*:*",
"matchCriteriaId": "817E2152-5A72-4B88-A1A1-8CFEFA134979",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:digi:portserver_ts_m_mei_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "04BA6165-F33E-4D34-A4E2-B658601A87F8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:digi:portserver_ts_m_mei:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8FC7BF4B-3C56-44B2-8933-E24ACCA000E1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:digi:6350-sr_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "77B38406-6CF6-4E03-8637-E3A34E652887",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:digi:6350-sr:-:*:*:*:*:*:*:*",
"matchCriteriaId": "511A91D4-E530-4DAB-8D27-1171D3580DC5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:digi:portserver_ts_p_mei_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E98CE064-C7CE-44BB-867F-C1589BF53FA5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:digi:portserver_ts_p_mei:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C711FEFA-0A37-4B97-AAC0-D0330D9F5E55",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:digi:transport_wr11_xt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D678EC7F-5B4F-4CE5-83EE-8BB496011D02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:digi:transport_wr11_xt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "10850ACB-E28F-4AC7-ABA0-EDFF2D2F9EF6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:digi:one_iap_family_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "59992E4A-F342-4EE0-8050-BEA624A92640",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:digi:one_iap_family:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EE6848E4-F446-4D2D-9D01-9B9C23DF203B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:digi:one_ia_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E04D204A-CEA9-4A2C-9E08-6315007384B0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:digi:one_ia:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7BE8C4FB-9DB5-4A32-8EFC-69B746BF2E33",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:digi:wr31_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ED6848D4-90FB-4916-B5FF-7194BE75041E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:digi:wr31:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A9F02872-5C53-419B-902C-4906E546C8B7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:digi:wr44_r_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ED26070C-69AD-4549-9F13-9FF7AA3B3AFF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:digi:wr44_r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8F5E08FD-5872-4E42-BDA7-2B15CF49C06D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:digi:connect_es_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "70664D1E-6E97-488E-BF8E-4C36C02D162B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:digi:connect_es:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7EF02532-005E-4246-AA51-DAC2EA1726FF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:digi:wr21_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E2BE2DA9-A83A-48FA-A3BB-0E8E2FCB959C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:digi:wr21:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EC0E5E9-FBFE-4C99-9C68-6322B255BE88",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Digi RealPort through 4.8.488.0. The \u0027encrypted\u0027 mode is vulnerable to man-in-the-middle attacks and does not perform authentication."
},
{
"lang": "es",
"value": "Se ha detectado un problema en Digi RealPort versiones hasta 4.8.488.0. El modo \"encrypted\" es vulnerable a los ataques de tipo man-in-the-middle y no lleva a cabo la autenticaci\u00f3n"
}
],
"id": "CVE-2021-35979",
"lastModified": "2024-11-21T06:12:52.853",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-08T15:15:08.917",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://raw.githubusercontent.com/reidmefirst/vuln-disclosure/main/2021-02.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://raw.githubusercontent.com/reidmefirst/vuln-disclosure/main/2021-02.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
var-202308-3626
Vulnerability from variot
Digi RealPort Protocol is vulnerable to a replay attack that may allow an attacker to bypass authentication to access connected equipment. Digi International Provided by Digi RealPort Protocol The following vulnerabilities exist in. It was * Authentication using password hashes instead of passwords (CWE-836) - CVE-2023-4299If the vulnerability is exploited, it may be affected as follows. It was * Authentication is bypassed and connected devices are accessed by a remote third party
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202308-3626",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "portserver ts p mei",
"scope": "eq",
"trust": 1.0,
"vendor": "digi",
"version": null
},
{
"model": "connectport ts 8\\/16",
"scope": "lt",
"trust": 1.0,
"vendor": "digi",
"version": "2.26.2.4"
},
{
"model": "wr31",
"scope": "eq",
"trust": 1.0,
"vendor": "digi",
"version": null
},
{
"model": "connect sp",
"scope": "eq",
"trust": 1.0,
"vendor": "digi",
"version": null
},
{
"model": "one ia",
"scope": "eq",
"trust": 1.0,
"vendor": "digi",
"version": null
},
{
"model": "realport",
"scope": "lte",
"trust": 1.0,
"vendor": "digi",
"version": "1.9-40"
},
{
"model": "portserver ts mei hardened",
"scope": "eq",
"trust": 1.0,
"vendor": "digi",
"version": null
},
{
"model": "one iap",
"scope": "eq",
"trust": 1.0,
"vendor": "digi",
"version": null
},
{
"model": "portserver ts mei",
"scope": "eq",
"trust": 1.0,
"vendor": "digi",
"version": null
},
{
"model": "portserver ts m mei",
"scope": "eq",
"trust": 1.0,
"vendor": "digi",
"version": null
},
{
"model": "wr44 r",
"scope": "eq",
"trust": 1.0,
"vendor": "digi",
"version": null
},
{
"model": "transport wr11 xt",
"scope": "eq",
"trust": 1.0,
"vendor": "digi",
"version": null
},
{
"model": "portserver ts",
"scope": "eq",
"trust": 1.0,
"vendor": "digi",
"version": null
},
{
"model": "connect es",
"scope": "lt",
"trust": 1.0,
"vendor": "digi",
"version": "2.26.2.4"
},
{
"model": "wr21",
"scope": "eq",
"trust": 1.0,
"vendor": "digi",
"version": null
},
{
"model": "cm",
"scope": "eq",
"trust": 1.0,
"vendor": "digi",
"version": null
},
{
"model": "one sp ia",
"scope": "eq",
"trust": 1.0,
"vendor": "digi",
"version": null
},
{
"model": "one sp",
"scope": "eq",
"trust": 1.0,
"vendor": "digi",
"version": null
},
{
"model": "realport",
"scope": "lte",
"trust": 1.0,
"vendor": "digi",
"version": "4.8.488.0"
},
{
"model": "connectport lts 8\\/16\\/32",
"scope": "lt",
"trust": 1.0,
"vendor": "digi",
"version": "1.4.9"
},
{
"model": "passport",
"scope": "eq",
"trust": 1.0,
"vendor": "digi",
"version": null
},
{
"model": "connectport ts 8/16",
"scope": null,
"trust": 0.8,
"vendor": "digi",
"version": null
},
{
"model": "transport wr31",
"scope": null,
"trust": 0.8,
"vendor": "digi",
"version": null
},
{
"model": "connect es",
"scope": null,
"trust": 0.8,
"vendor": "digi",
"version": null
},
{
"model": "portserver ts",
"scope": null,
"trust": 0.8,
"vendor": "digi",
"version": null
},
{
"model": "transport wr11xt",
"scope": null,
"trust": 0.8,
"vendor": "digi",
"version": null
},
{
"model": "portserver ts mei hardened",
"scope": null,
"trust": 0.8,
"vendor": "digi",
"version": null
},
{
"model": "connect sp",
"scope": null,
"trust": 0.8,
"vendor": "digi",
"version": null
},
{
"model": "one ia",
"scope": null,
"trust": 0.8,
"vendor": "digi",
"version": null
},
{
"model": "portserver ts p mei",
"scope": null,
"trust": 0.8,
"vendor": "digi",
"version": null
},
{
"model": "one iap family",
"scope": null,
"trust": 0.8,
"vendor": "digi",
"version": null
},
{
"model": "connectport lts 8/16/32",
"scope": null,
"trust": 0.8,
"vendor": "digi",
"version": null
},
{
"model": "one sp ia",
"scope": null,
"trust": 0.8,
"vendor": "digi",
"version": null
},
{
"model": "portserver ts m mei",
"scope": null,
"trust": 0.8,
"vendor": "digi",
"version": null
},
{
"model": "passport console server",
"scope": null,
"trust": 0.8,
"vendor": "digi",
"version": null
},
{
"model": "realport",
"scope": null,
"trust": 0.8,
"vendor": "digi",
"version": null
},
{
"model": "transport wr21",
"scope": null,
"trust": 0.8,
"vendor": "digi",
"version": null
},
{
"model": "one sp",
"scope": null,
"trust": 0.8,
"vendor": "digi",
"version": null
},
{
"model": "portserver ts mei",
"scope": null,
"trust": 0.8,
"vendor": "digi",
"version": null
},
{
"model": "transport wr44 r",
"scope": null,
"trust": 0.8,
"vendor": "digi",
"version": null
},
{
"model": "cm console server",
"scope": null,
"trust": 0.8,
"vendor": "digi",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-003551"
},
{
"db": "NVD",
"id": "CVE-2023-4299"
}
]
},
"cve": "CVE-2023-4299",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"id": "CVE-2023-4299",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "ics-cert@hq.dhs.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"id": "CVE-2023-4299",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2023-4299",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-4299",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2023-4299",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2023-4299",
"trust": 0.8,
"value": "High"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-003551"
},
{
"db": "NVD",
"id": "CVE-2023-4299"
},
{
"db": "NVD",
"id": "CVE-2023-4299"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "\nDigi RealPort Protocol is vulnerable to a replay attack that may allow an attacker to bypass authentication to access connected equipment. Digi International Provided by Digi RealPort Protocol The following vulnerabilities exist in. It was * Authentication using password hashes instead of passwords (CWE-836) - CVE-2023-4299If the vulnerability is exploited, it may be affected as follows. It was * Authentication is bypassed and connected devices are accessed by a remote third party",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-4299"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-003551"
},
{
"db": "VULMON",
"id": "CVE-2023-4299"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-4299",
"trust": 2.7
},
{
"db": "ICS CERT",
"id": "ICSA-23-243-04",
"trust": 1.9
},
{
"db": "JVN",
"id": "JVNVU92217208",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2023-003551",
"trust": 0.8
},
{
"db": "VULMON",
"id": "CVE-2023-4299",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-4299"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-003551"
},
{
"db": "NVD",
"id": "CVE-2023-4299"
}
]
},
"id": "VAR-202308-3626",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2024-08-14T14:17:00.104000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "RealPort\u00a0CVEs\u00a0(PDF)",
"trust": 0.8,
"url": "https://www.digi.com/getattachment/resources/security/alerts/realport-cves/Dragos-Disclosure-Statement.pdf"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-003551"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-836",
"trust": 1.0
},
{
"problemtype": "Authentication using password hashes instead of passwords (CWE-836) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-003551"
},
{
"db": "NVD",
"id": "CVE-2023-4299"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-04"
},
{
"trust": 1.1,
"url": "https://www.digi.com/getattachment/resources/security/alerts/realport-cves/dragos-disclosure-statement.pdf"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu92217208/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-4299"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/836.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-4299"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-003551"
},
{
"db": "NVD",
"id": "CVE-2023-4299"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2023-4299"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-003551"
},
{
"db": "NVD",
"id": "CVE-2023-4299"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-08-31T00:00:00",
"db": "VULMON",
"id": "CVE-2023-4299"
},
{
"date": "2023-09-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-003551"
},
{
"date": "2023-08-31T21:15:09.183000",
"db": "NVD",
"id": "CVE-2023-4299"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-09-01T00:00:00",
"db": "VULMON",
"id": "CVE-2023-4299"
},
{
"date": "2024-06-13T07:29:00",
"db": "JVNDB",
"id": "JVNDB-2023-003551"
},
{
"date": "2023-09-06T20:13:32.917000",
"db": "NVD",
"id": "CVE-2023-4299"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Digi\u00a0International\u00a0 Made \u00a0RealPort\u00a0Protocol\u00a0 Authentication vulnerability using password hashes instead of passwords in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-003551"
}
],
"trust": 0.8
}
}
var-202110-0147
Vulnerability from variot
An issue was discovered in Digi RealPort for Windows through 4.8.488.0. A buffer overflow exists in the handling of ADDP discovery response messages. This could result in arbitrary code execution. Windows for Digi RealPort Exists in a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202110-0147",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "6350-sr",
"scope": "eq",
"trust": 1.0,
"vendor": "digi",
"version": "*"
},
{
"model": "transport wr11 xt",
"scope": "eq",
"trust": 1.0,
"vendor": "digi",
"version": "*"
},
{
"model": "portserver ts",
"scope": "eq",
"trust": 1.0,
"vendor": "digi",
"version": "*"
},
{
"model": "portserver ts m mei",
"scope": "eq",
"trust": 1.0,
"vendor": "digi",
"version": "*"
},
{
"model": "wr21",
"scope": "eq",
"trust": 1.0,
"vendor": "digi",
"version": "*"
},
{
"model": "connect es",
"scope": "eq",
"trust": 1.0,
"vendor": "digi",
"version": "*"
},
{
"model": "realport",
"scope": "lte",
"trust": 1.0,
"vendor": "digi",
"version": "1.9-40"
},
{
"model": "cm",
"scope": "eq",
"trust": 1.0,
"vendor": "digi",
"version": "*"
},
{
"model": "passport integrated console server",
"scope": "eq",
"trust": 1.0,
"vendor": "digi",
"version": "*"
},
{
"model": "one iap family",
"scope": "eq",
"trust": 1.0,
"vendor": "digi",
"version": "*"
},
{
"model": "connectport lts 8\\/16\\/32",
"scope": "eq",
"trust": 1.0,
"vendor": "digi",
"version": "*"
},
{
"model": "connectport ts 8\\/16",
"scope": "eq",
"trust": 1.0,
"vendor": "digi",
"version": "*"
},
{
"model": "wr31",
"scope": "eq",
"trust": 1.0,
"vendor": "digi",
"version": "*"
},
{
"model": "portserver ts p mei",
"scope": "eq",
"trust": 1.0,
"vendor": "digi",
"version": "*"
},
{
"model": "one ia",
"scope": "eq",
"trust": 1.0,
"vendor": "digi",
"version": "*"
},
{
"model": "portserver ts mei hardened",
"scope": "eq",
"trust": 1.0,
"vendor": "digi",
"version": "*"
},
{
"model": "realport",
"scope": "lte",
"trust": 1.0,
"vendor": "digi",
"version": "4.8.488.0"
},
{
"model": "portserver ts mei",
"scope": "eq",
"trust": 1.0,
"vendor": "digi",
"version": "*"
},
{
"model": "wr44 r",
"scope": "eq",
"trust": 1.0,
"vendor": "digi",
"version": "*"
},
{
"model": "portserver ts",
"scope": null,
"trust": 0.8,
"vendor": "digi",
"version": null
},
{
"model": "connectport lts 8/16/32",
"scope": null,
"trust": 0.8,
"vendor": "digi",
"version": null
},
{
"model": "passport integrated console server",
"scope": null,
"trust": 0.8,
"vendor": "digi",
"version": null
},
{
"model": "portserver ts m mei",
"scope": null,
"trust": 0.8,
"vendor": "digi",
"version": null
},
{
"model": "6350-sr",
"scope": null,
"trust": 0.8,
"vendor": "digi",
"version": null
},
{
"model": "cm",
"scope": null,
"trust": 0.8,
"vendor": "digi",
"version": null
},
{
"model": "portserver ts mei hardened",
"scope": null,
"trust": 0.8,
"vendor": "digi",
"version": null
},
{
"model": "realport",
"scope": null,
"trust": 0.8,
"vendor": "digi",
"version": null
},
{
"model": "portserver ts mei",
"scope": null,
"trust": 0.8,
"vendor": "digi",
"version": null
},
{
"model": "connectport ts 8/16",
"scope": null,
"trust": 0.8,
"vendor": "digi",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-014066"
},
{
"db": "NVD",
"id": "CVE-2021-35977"
}
]
},
"cve": "CVE-2021-35977",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-35977",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-35977",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-35977",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-35977",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2021-35977",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202110-485",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2021-35977",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-35977"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-014066"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-485"
},
{
"db": "NVD",
"id": "CVE-2021-35977"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in Digi RealPort for Windows through 4.8.488.0. A buffer overflow exists in the handling of ADDP discovery response messages. This could result in arbitrary code execution. Windows for Digi RealPort Exists in a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-35977"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-014066"
},
{
"db": "VULMON",
"id": "CVE-2021-35977"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-35977",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2021-014066",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202110-485",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-35977",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-35977"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-014066"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-485"
},
{
"db": "NVD",
"id": "CVE-2021-35977"
}
]
},
"id": "VAR-202110-0147",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2024-08-14T14:55:47.566000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.digi.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-014066"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 1.0
},
{
"problemtype": "Classic buffer overflow (CWE-120) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-014066"
},
{
"db": "NVD",
"id": "CVE-2021-35977"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://raw.githubusercontent.com/reidmefirst/vuln-disclosure/main/2021-02.txt"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-35977"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/120.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-35977"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-014066"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-485"
},
{
"db": "NVD",
"id": "CVE-2021-35977"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2021-35977"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-014066"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-485"
},
{
"db": "NVD",
"id": "CVE-2021-35977"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-10-08T00:00:00",
"db": "VULMON",
"id": "CVE-2021-35977"
},
{
"date": "2022-10-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-014066"
},
{
"date": "2021-10-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202110-485"
},
{
"date": "2021-10-08T15:15:08.870000",
"db": "NVD",
"id": "CVE-2021-35977"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-10-16T00:00:00",
"db": "VULMON",
"id": "CVE-2021-35977"
},
{
"date": "2022-10-04T05:05:00",
"db": "JVNDB",
"id": "JVNDB-2021-014066"
},
{
"date": "2021-10-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202110-485"
},
{
"date": "2023-05-26T18:18:32.127000",
"db": "NVD",
"id": "CVE-2021-35977"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202110-485"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Windows\u00a0 for \u00a0Digi\u00a0RealPort\u00a0 Classic buffer overflow vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-014066"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202110-485"
}
],
"trust": 0.6
}
}
var-202110-0676
Vulnerability from variot
In Digi RealPort through 4.10.490, authentication relies on a challenge-response mechanism that gives access to the server password, making the protection ineffective. An attacker may send an unauthenticated request to the server. The server will reply with a weakly-hashed version of the server's access password. The attacker may then crack this hash offline in order to successfully login to the server. Digi RealPort contains a vulnerability related to the use of insufficiently strong password hashes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202110-0676",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "6350-sr",
"scope": "eq",
"trust": 1.0,
"vendor": "digi",
"version": "*"
},
{
"model": "transport wr11 xt",
"scope": "eq",
"trust": 1.0,
"vendor": "digi",
"version": "*"
},
{
"model": "portserver ts",
"scope": "eq",
"trust": 1.0,
"vendor": "digi",
"version": "*"
},
{
"model": "portserver ts m mei",
"scope": "eq",
"trust": 1.0,
"vendor": "digi",
"version": "*"
},
{
"model": "wr21",
"scope": "eq",
"trust": 1.0,
"vendor": "digi",
"version": "*"
},
{
"model": "realport",
"scope": "lte",
"trust": 1.0,
"vendor": "digi",
"version": "4.10.490"
},
{
"model": "connect es",
"scope": "eq",
"trust": 1.0,
"vendor": "digi",
"version": "*"
},
{
"model": "realport",
"scope": "lte",
"trust": 1.0,
"vendor": "digi",
"version": "1.9-40"
},
{
"model": "cm",
"scope": "eq",
"trust": 1.0,
"vendor": "digi",
"version": "*"
},
{
"model": "passport integrated console server",
"scope": "eq",
"trust": 1.0,
"vendor": "digi",
"version": "*"
},
{
"model": "connectport lts 8\\/16\\/32",
"scope": "eq",
"trust": 1.0,
"vendor": "digi",
"version": "*"
},
{
"model": "connectport ts 8\\/16",
"scope": "eq",
"trust": 1.0,
"vendor": "digi",
"version": "*"
},
{
"model": "wr31",
"scope": "eq",
"trust": 1.0,
"vendor": "digi",
"version": "*"
},
{
"model": "one iap haz",
"scope": "eq",
"trust": 1.0,
"vendor": "digi",
"version": "*"
},
{
"model": "portserver ts p mei",
"scope": "eq",
"trust": 1.0,
"vendor": "digi",
"version": "*"
},
{
"model": "one ia",
"scope": "eq",
"trust": 1.0,
"vendor": "digi",
"version": "*"
},
{
"model": "portserver ts mei hardened",
"scope": "eq",
"trust": 1.0,
"vendor": "digi",
"version": "*"
},
{
"model": "portserver ts mei",
"scope": "eq",
"trust": 1.0,
"vendor": "digi",
"version": "*"
},
{
"model": "one iap",
"scope": "eq",
"trust": 1.0,
"vendor": "digi",
"version": "*"
},
{
"model": "wr44 r",
"scope": "eq",
"trust": 1.0,
"vendor": "digi",
"version": "*"
},
{
"model": "realport",
"scope": null,
"trust": 0.8,
"vendor": "digi",
"version": null
},
{
"model": "passport integrated console server",
"scope": null,
"trust": 0.8,
"vendor": "digi",
"version": null
},
{
"model": "portserver ts",
"scope": null,
"trust": 0.8,
"vendor": "digi",
"version": null
},
{
"model": "portserver ts m mei",
"scope": null,
"trust": 0.8,
"vendor": "digi",
"version": null
},
{
"model": "portserver ts mei hardened",
"scope": null,
"trust": 0.8,
"vendor": "digi",
"version": null
},
{
"model": "connectport lts 8/16/32",
"scope": null,
"trust": 0.8,
"vendor": "digi",
"version": null
},
{
"model": "connectport ts 8/16",
"scope": null,
"trust": 0.8,
"vendor": "digi",
"version": null
},
{
"model": "6350-sr",
"scope": null,
"trust": 0.8,
"vendor": "digi",
"version": null
},
{
"model": "cm",
"scope": null,
"trust": 0.8,
"vendor": "digi",
"version": null
},
{
"model": "portserver ts mei",
"scope": null,
"trust": 0.8,
"vendor": "digi",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-013704"
},
{
"db": "NVD",
"id": "CVE-2021-36767"
}
]
},
"cve": "CVE-2021-36767",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-36767",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-36767",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-36767",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-36767",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2021-36767",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202110-488",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-013704"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-488"
},
{
"db": "NVD",
"id": "CVE-2021-36767"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In Digi RealPort through 4.10.490, authentication relies on a challenge-response mechanism that gives access to the server password, making the protection ineffective. An attacker may send an unauthenticated request to the server. The server will reply with a weakly-hashed version of the server\u0027s access password. The attacker may then crack this hash offline in order to successfully login to the server. Digi RealPort contains a vulnerability related to the use of insufficiently strong password hashes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-36767"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013704"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-36767",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013704",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202110-488",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-36767",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-36767"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013704"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-488"
},
{
"db": "NVD",
"id": "CVE-2021-36767"
}
]
},
"id": "VAR-202110-0676",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2024-08-14T15:33:03.053000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.digi.com/"
},
{
"title": "Digi RealPort Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=166513"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-013704"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-488"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-916",
"trust": 1.0
},
{
"problemtype": "Use of weak password hashes (CWE-916) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-013704"
},
{
"db": "NVD",
"id": "CVE-2021-36767"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://raw.githubusercontent.com/reidmefirst/vuln-disclosure/main/2021-02.txt"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-36767"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-013704"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-488"
},
{
"db": "NVD",
"id": "CVE-2021-36767"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2021-36767"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013704"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-488"
},
{
"db": "NVD",
"id": "CVE-2021-36767"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-09-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-013704"
},
{
"date": "2021-10-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202110-488"
},
{
"date": "2021-10-08T15:15:09.037000",
"db": "NVD",
"id": "CVE-2021-36767"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-09-26T06:18:00",
"db": "JVNDB",
"id": "JVNDB-2021-013704"
},
{
"date": "2022-01-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202110-488"
},
{
"date": "2023-09-25T02:30:08.853000",
"db": "NVD",
"id": "CVE-2021-36767"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202110-488"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Digi\u00a0RealPort\u00a0 Vulnerability related to the use of insufficiently strong password hashes in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-013704"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202110-488"
}
],
"trust": 0.6
}
}
var-202110-0148
Vulnerability from variot
An issue was discovered in Digi RealPort through 4.8.488.0. The 'encrypted' mode is vulnerable to man-in-the-middle attacks and does not perform authentication. Digi RealPort There is a vulnerability in the lack of authentication for critical features.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202110-0148",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "6350-sr",
"scope": "eq",
"trust": 1.0,
"vendor": "digi",
"version": "*"
},
{
"model": "transport wr11 xt",
"scope": "eq",
"trust": 1.0,
"vendor": "digi",
"version": "*"
},
{
"model": "portserver ts",
"scope": "eq",
"trust": 1.0,
"vendor": "digi",
"version": "*"
},
{
"model": "portserver ts m mei",
"scope": "eq",
"trust": 1.0,
"vendor": "digi",
"version": "*"
},
{
"model": "wr21",
"scope": "eq",
"trust": 1.0,
"vendor": "digi",
"version": "*"
},
{
"model": "connect es",
"scope": "eq",
"trust": 1.0,
"vendor": "digi",
"version": "*"
},
{
"model": "realport",
"scope": "lte",
"trust": 1.0,
"vendor": "digi",
"version": "1.9-40"
},
{
"model": "cm",
"scope": "eq",
"trust": 1.0,
"vendor": "digi",
"version": "*"
},
{
"model": "passport integrated console server",
"scope": "eq",
"trust": 1.0,
"vendor": "digi",
"version": "*"
},
{
"model": "one iap family",
"scope": "eq",
"trust": 1.0,
"vendor": "digi",
"version": "*"
},
{
"model": "connectport lts 8\\/16\\/32",
"scope": "eq",
"trust": 1.0,
"vendor": "digi",
"version": "*"
},
{
"model": "connectport ts 8\\/16",
"scope": "eq",
"trust": 1.0,
"vendor": "digi",
"version": "*"
},
{
"model": "wr31",
"scope": "eq",
"trust": 1.0,
"vendor": "digi",
"version": "*"
},
{
"model": "portserver ts p mei",
"scope": "eq",
"trust": 1.0,
"vendor": "digi",
"version": "*"
},
{
"model": "one ia",
"scope": "eq",
"trust": 1.0,
"vendor": "digi",
"version": "*"
},
{
"model": "portserver ts mei hardened",
"scope": "eq",
"trust": 1.0,
"vendor": "digi",
"version": "*"
},
{
"model": "realport",
"scope": "lte",
"trust": 1.0,
"vendor": "digi",
"version": "4.8.488.0"
},
{
"model": "portserver ts mei",
"scope": "eq",
"trust": 1.0,
"vendor": "digi",
"version": "*"
},
{
"model": "wr44 r",
"scope": "eq",
"trust": 1.0,
"vendor": "digi",
"version": "*"
},
{
"model": "portserver ts",
"scope": null,
"trust": 0.8,
"vendor": "digi",
"version": null
},
{
"model": "connectport lts 8/16/32",
"scope": null,
"trust": 0.8,
"vendor": "digi",
"version": null
},
{
"model": "passport integrated console server",
"scope": null,
"trust": 0.8,
"vendor": "digi",
"version": null
},
{
"model": "portserver ts m mei",
"scope": null,
"trust": 0.8,
"vendor": "digi",
"version": null
},
{
"model": "6350-sr",
"scope": null,
"trust": 0.8,
"vendor": "digi",
"version": null
},
{
"model": "cm",
"scope": null,
"trust": 0.8,
"vendor": "digi",
"version": null
},
{
"model": "portserver ts mei hardened",
"scope": null,
"trust": 0.8,
"vendor": "digi",
"version": null
},
{
"model": "realport",
"scope": null,
"trust": 0.8,
"vendor": "digi",
"version": null
},
{
"model": "portserver ts mei",
"scope": null,
"trust": 0.8,
"vendor": "digi",
"version": null
},
{
"model": "connectport ts 8/16",
"scope": null,
"trust": 0.8,
"vendor": "digi",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-014067"
},
{
"db": "NVD",
"id": "CVE-2021-35979"
}
]
},
"cve": "CVE-2021-35979",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2021-35979",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"id": "CVE-2021-35979",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-35979",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-35979",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-35979",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202110-486",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-35979",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-35979"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-014067"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-486"
},
{
"db": "NVD",
"id": "CVE-2021-35979"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in Digi RealPort through 4.8.488.0. The \u0027encrypted\u0027 mode is vulnerable to man-in-the-middle attacks and does not perform authentication. Digi RealPort There is a vulnerability in the lack of authentication for critical features.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-35979"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-014067"
},
{
"db": "VULMON",
"id": "CVE-2021-35979"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-35979",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2021-014067",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202110-486",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-35979",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-35979"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-014067"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-486"
},
{
"db": "NVD",
"id": "CVE-2021-35979"
}
]
},
"id": "VAR-202110-0148",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2024-08-14T15:22:09.273000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.digi.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-014067"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-306",
"trust": 1.0
},
{
"problemtype": "Lack of authentication for critical features (CWE-306) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-014067"
},
{
"db": "NVD",
"id": "CVE-2021-35979"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://raw.githubusercontent.com/reidmefirst/vuln-disclosure/main/2021-02.txt"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-35979"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/287.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-35979"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-014067"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-486"
},
{
"db": "NVD",
"id": "CVE-2021-35979"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2021-35979"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-014067"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-486"
},
{
"db": "NVD",
"id": "CVE-2021-35979"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-10-08T00:00:00",
"db": "VULMON",
"id": "CVE-2021-35979"
},
{
"date": "2022-10-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-014067"
},
{
"date": "2021-10-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202110-486"
},
{
"date": "2021-10-08T15:15:08.917000",
"db": "NVD",
"id": "CVE-2021-35979"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-10-15T00:00:00",
"db": "VULMON",
"id": "CVE-2021-35979"
},
{
"date": "2022-10-04T05:20:00",
"db": "JVNDB",
"id": "JVNDB-2021-014067"
},
{
"date": "2022-07-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202110-486"
},
{
"date": "2023-05-26T18:18:41.580000",
"db": "NVD",
"id": "CVE-2021-35979"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202110-486"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Digi\u00a0RealPort\u00a0 Vulnerability regarding lack of authentication for critical features in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-014067"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202110-486"
}
],
"trust": 0.6
}
}