Vulnerability-Lookup - Search a vulnerability

CVE-2021-37187 (GCVE-0-2021-37187)

Vulnerability from cvelistv5

Published

2021-12-10 12:24

Modified

2024-08-04 01:16

Severity ?

CWE

n/a

Summary

An issue was discovered on Digi TransPort devices through 2021-07-21. An authenticated attacker may read a password file (with reversible passwords) from the device, which allows decoding of other users' passwords.

References

►

URL

	Vendor	Product	Version
	n/a	n/a	Version: n/a

CVE-2021-35978 (GCVE-0-2021-35978)

Vulnerability from cvelistv5

Published

2021-12-10 12:18

Modified

2024-08-04 00:47

Severity ?

CWE

n/a

Summary

An issue was discovered in Digi TransPort DR64, SR44 VC74, and WR. The ZING protocol allows arbitrary remote command execution with SUPER privileges. This allows an attacker (with knowledge of the protocol) to execute arbitrary code on the controller including overwriting firmware, adding/removing users, disabling the internal firewall, etc.

References

►

URL

	Vendor	Product	Version
	n/a	n/a	Version: n/a

CVE-2021-37188 (GCVE-0-2021-37188)

Vulnerability from cvelistv5

Published

2021-12-10 12:46

Modified

2024-08-04 01:16

Severity ?

CWE

n/a

Summary

An issue was discovered on Digi TransPort devices through 2021-07-21. An authenticated attacker may load customized firmware (because the bootloader does not verify that it is authentic), changing the behavior of the gateway.

References

►

URL

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Vulnerability from fkie_nvd

Published

2021-12-10 13:15

Modified

2024-11-21 06:14

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Summary

An issue was discovered on Digi TransPort devices through 2021-07-21. An authenticated attacker may read a password file (with reversible passwords) from the device, which allows decoding of other users' passwords.

References

URL	Tags
cve@mitre.org	https://raw.githubusercontent.com/reidmefirst/vuln-disclosure/main/2021-04.txt	Third Party Advisory
cve@mitre.org	https://www.digi.com/search/results?q=transport	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://raw.githubusercontent.com/reidmefirst/vuln-disclosure/main/2021-04.txt	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.digi.com/search/results?q=transport	Vendor Advisory

Impacted products

Vendor	Product	Version
digi	transport_dr64_firmware	*
digi	transport_dr64	-
digi	transport_dr64_firmware	-
digi	transport_sr44	-
digi	transport_vc74_firmware	*
digi	transport_vc74	-
digi	transport_wr11_firmware	*
digi	transport_wr11	-
digi	transport_wr11_xt_firmware	*
digi	transport_wr11_xt	-
digi	transport_wr21_firmware	*
digi	transport_wr21	-
digi	transport_wr31_firmware	*
digi	transport_wr31	-
digi	transport_wr41_firmware	*
digi	transport_wr41_firmware	*
digi	transport_wr41_firmware	*
digi	transport_wr41	-
digi	transport_wr44_firmware	*
digi	transport_wr44	v2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:digi:transport_dr64_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "52506872-BAFC-4A01-929F-FF5FFF506F8B",
              "versionEndIncluding": "5.2.4.9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:digi:transport_dr64:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AEA8387-7D13-459E-AB57-23623E585F58",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:digi:transport_dr64_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "99F7B7F8-4143-4256-AC2D-CBEDCB3670E5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:digi:transport_sr44:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F7CE342-9785-4F57-932D-23650C6E84A2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:digi:transport_vc74_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7BB2FB4-1978-476D-A41E-C6ECE4D08EBA",
              "versionEndIncluding": "5.2.4.9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:digi:transport_vc74:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BDD2C41-D47E-4433-A461-066FB167B042",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:digi:transport_wr11_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "66D8D126-5210-4837-A0A2-51E7BA8B85C1",
              "versionEndIncluding": "8.2.1.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:digi:transport_wr11:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CBAC641-0471-4AC1-AB8B-8E56FE3E3333",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:digi:transport_wr11_xt_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1070E773-F522-46F2-B9FE-B7477D78E5B7",
              "versionEndIncluding": "8.2.1.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:digi:transport_wr11_xt:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "10850ACB-E28F-4AC7-ABA0-EDFF2D2F9EF6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:digi:transport_wr21_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "66B28486-C8C9-42EE-8798-EB01E2AD730E",
              "versionEndIncluding": "8.2.1.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:digi:transport_wr21:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "958AC18F-8C58-4BED-9ED7-AAAB722FE8B7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:digi:transport_wr31_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "867CD9A1-BCE3-4627-B4B7-4E3202A55F36",
              "versionEndIncluding": "8.2.1.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:digi:transport_wr31:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC28ABA4-2794-4890-BFDC-416E155AB366",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:digi:transport_wr41_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "21F03CF2-89C3-4A3D-9565-4A5F6715A793",
              "versionEndIncluding": "5.2.4.6",
              "versionStartIncluding": "5.0.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:digi:transport_wr41_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B3E5EFF-94F4-4466-9F35-E4B6774BEA75",
              "versionEndIncluding": "6.1.3.5",
              "versionStartIncluding": "6.0.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:digi:transport_wr41_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F9368A8-B92B-47C0-BEAC-7D3EB33D3D85",
              "versionEndIncluding": "8.3.1.2",
              "versionStartIncluding": "8.0.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:digi:transport_wr41:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D041514D-8E0A-4ABB-AC24-6C716F672390",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:digi:transport_wr44_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BD94312-4005-43EC-B2FA-F09289C3F078",
              "versionEndIncluding": "8.3.1.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:digi:transport_wr44:v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "81F8AF9D-B7B8-4BD7-8BA0-42A18C5EA298",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered on Digi TransPort devices through 2021-07-21. An authenticated attacker may read a password file (with reversible passwords) from the device, which allows decoding of other users\u0027 passwords."
    },
    {
      "lang": "es",
      "value": "Se ha detectado un problema en los dispositivos Digi TransPort versiones hasta 21-07-2021. Un atacante autenticado puede leer un archivo de contrase\u00f1as (con contrase\u00f1as reversibles) del dispositivo, lo que permite descifrar las contrase\u00f1as de otros usuarios"
    }
  ],
  "id": "CVE-2021-37187",
  "lastModified": "2024-11-21T06:14:49.303",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-12-10T13:15:07.667",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://raw.githubusercontent.com/reidmefirst/vuln-disclosure/main/2021-04.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.digi.com/search/results?q=transport"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://raw.githubusercontent.com/reidmefirst/vuln-disclosure/main/2021-04.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.digi.com/search/results?q=transport"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-522"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-12-10 13:15

Modified

2024-11-21 06:12

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

An issue was discovered in Digi TransPort DR64, SR44 VC74, and WR. The ZING protocol allows arbitrary remote command execution with SUPER privileges. This allows an attacker (with knowledge of the protocol) to execute arbitrary code on the controller including overwriting firmware, adding/removing users, disabling the internal firewall, etc.

References

URL	Tags
cve@mitre.org	https://digi.com	Vendor Advisory
cve@mitre.org	https://raw.githubusercontent.com/reidmefirst/vuln-disclosure/main/2021-04.txt	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://digi.com	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://raw.githubusercontent.com/reidmefirst/vuln-disclosure/main/2021-04.txt	Third Party Advisory

Impacted products

Vendor	Product	Version
digi	transport_dr64_firmware	*
digi	transport_dr64	-
digi	transport_sr44_firmware	*
digi	transport_sr44	-
digi	transport_vc74_firmware	*
digi	transport_vc74	-
digi	transport_wr11_firmware	*
digi	transport_wr11	-
digi	transport_wr11_xt_firmware	*
digi	transport_wr11_xt	-
digi	transport_wr21_firmware	*
digi	transport_wr21	-
digi	transport_wr31_firmware	*
digi	transport_wr31	-
digi	transport_wr41_firmware	*
digi	transport_wr41_firmware	*
digi	transport_wr41_firmware	*
digi	transport_wr41	-
digi	transport_wr44_firmware	*
digi	transport_wr44	v2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:digi:transport_dr64_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "52506872-BAFC-4A01-929F-FF5FFF506F8B",
              "versionEndIncluding": "5.2.4.9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:digi:transport_dr64:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AEA8387-7D13-459E-AB57-23623E585F58",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:digi:transport_sr44_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "91254B1B-B09F-406A-8CCD-357B585FE812",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:digi:transport_sr44:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F7CE342-9785-4F57-932D-23650C6E84A2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:digi:transport_vc74_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7BB2FB4-1978-476D-A41E-C6ECE4D08EBA",
              "versionEndIncluding": "5.2.4.9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:digi:transport_vc74:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BDD2C41-D47E-4433-A461-066FB167B042",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:digi:transport_wr11_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "66D8D126-5210-4837-A0A2-51E7BA8B85C1",
              "versionEndIncluding": "8.2.1.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:digi:transport_wr11:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CBAC641-0471-4AC1-AB8B-8E56FE3E3333",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:digi:transport_wr11_xt_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1070E773-F522-46F2-B9FE-B7477D78E5B7",
              "versionEndIncluding": "8.2.1.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:digi:transport_wr11_xt:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "10850ACB-E28F-4AC7-ABA0-EDFF2D2F9EF6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:digi:transport_wr21_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "66B28486-C8C9-42EE-8798-EB01E2AD730E",
              "versionEndIncluding": "8.2.1.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:digi:transport_wr21:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "958AC18F-8C58-4BED-9ED7-AAAB722FE8B7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:digi:transport_wr31_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "867CD9A1-BCE3-4627-B4B7-4E3202A55F36",
              "versionEndIncluding": "8.2.1.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:digi:transport_wr31:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC28ABA4-2794-4890-BFDC-416E155AB366",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:digi:transport_wr41_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "21F03CF2-89C3-4A3D-9565-4A5F6715A793",
              "versionEndIncluding": "5.2.4.6",
              "versionStartIncluding": "5.0.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:digi:transport_wr41_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B3E5EFF-94F4-4466-9F35-E4B6774BEA75",
              "versionEndIncluding": "6.1.3.5",
              "versionStartIncluding": "6.0.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:digi:transport_wr41_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F9368A8-B92B-47C0-BEAC-7D3EB33D3D85",
              "versionEndIncluding": "8.3.1.2",
              "versionStartIncluding": "8.0.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:digi:transport_wr41:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D041514D-8E0A-4ABB-AC24-6C716F672390",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:digi:transport_wr44_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BD94312-4005-43EC-B2FA-F09289C3F078",
              "versionEndIncluding": "8.3.1.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:digi:transport_wr44:v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "81F8AF9D-B7B8-4BD7-8BA0-42A18C5EA298",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Digi TransPort DR64, SR44 VC74, and WR. The ZING protocol allows arbitrary remote command execution with SUPER privileges. This allows an attacker (with knowledge of the protocol) to execute arbitrary code on the controller including overwriting firmware, adding/removing users, disabling the internal firewall, etc."
    },
    {
      "lang": "es",
      "value": "Se ha detectado un problema en Digi TransPort DR64, SR44 VC74 y WR. El protocolo ZING permite una ejecuci\u00f3n arbitraria de comandos remotos con privilegios SUPER. Esto permite a un atacante (con conocimiento del protocolo) ejecutar c\u00f3digo arbitrario en el controlador, incluyendo la sobreescritura del firmware, la adici\u00f3n/eliminaci\u00f3n de usuarios, la deshabilitaci\u00f3n del firewall interno, etc"
    }
  ],
  "id": "CVE-2021-35978",
  "lastModified": "2024-11-21T06:12:52.670",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-12-10T13:15:07.620",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://digi.com"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://raw.githubusercontent.com/reidmefirst/vuln-disclosure/main/2021-04.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://digi.com"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://raw.githubusercontent.com/reidmefirst/vuln-disclosure/main/2021-04.txt"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-12-10 13:15

Modified

2024-11-21 06:14

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

An issue was discovered on Digi TransPort devices through 2021-07-21. An authenticated attacker may load customized firmware (because the bootloader does not verify that it is authentic), changing the behavior of the gateway.

References

URL	Tags
cve@mitre.org	https://raw.githubusercontent.com/reidmefirst/vuln-disclosure/main/2021-04.txt	Third Party Advisory
cve@mitre.org	https://www.digi.com/search/results?q=transport	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://raw.githubusercontent.com/reidmefirst/vuln-disclosure/main/2021-04.txt	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.digi.com/search/results?q=transport	Vendor Advisory

Impacted products

Vendor	Product	Version
digi	transport_dr64_firmware	*
digi	transport_dr64	-
digi	transport_dr64_firmware	-
digi	transport_sr44	-
digi	transport_vc74_firmware	*
digi	transport_vc74	-
digi	transport_wr11_firmware	*
digi	transport_wr11	-
digi	transport_wr11_xt_firmware	*
digi	transport_wr11_xt	-
digi	transport_wr21_firmware	*
digi	transport_wr21	-
digi	transport_wr31_firmware	*
digi	transport_wr31	-
digi	transport_wr41_firmware	*
digi	transport_wr41_firmware	*
digi	transport_wr41_firmware	*
digi	transport_wr41	-
digi	transport_wr44_firmware	*
digi	transport_wr44	v2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:digi:transport_dr64_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "52506872-BAFC-4A01-929F-FF5FFF506F8B",
              "versionEndIncluding": "5.2.4.9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:digi:transport_dr64:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AEA8387-7D13-459E-AB57-23623E585F58",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:digi:transport_dr64_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "99F7B7F8-4143-4256-AC2D-CBEDCB3670E5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:digi:transport_sr44:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F7CE342-9785-4F57-932D-23650C6E84A2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:digi:transport_vc74_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7BB2FB4-1978-476D-A41E-C6ECE4D08EBA",
              "versionEndIncluding": "5.2.4.9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:digi:transport_vc74:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BDD2C41-D47E-4433-A461-066FB167B042",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:digi:transport_wr11_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "66D8D126-5210-4837-A0A2-51E7BA8B85C1",
              "versionEndIncluding": "8.2.1.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:digi:transport_wr11:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CBAC641-0471-4AC1-AB8B-8E56FE3E3333",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:digi:transport_wr11_xt_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1070E773-F522-46F2-B9FE-B7477D78E5B7",
              "versionEndIncluding": "8.2.1.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:digi:transport_wr11_xt:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "10850ACB-E28F-4AC7-ABA0-EDFF2D2F9EF6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:digi:transport_wr21_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "66B28486-C8C9-42EE-8798-EB01E2AD730E",
              "versionEndIncluding": "8.2.1.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:digi:transport_wr21:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "958AC18F-8C58-4BED-9ED7-AAAB722FE8B7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:digi:transport_wr31_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "867CD9A1-BCE3-4627-B4B7-4E3202A55F36",
              "versionEndIncluding": "8.2.1.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:digi:transport_wr31:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC28ABA4-2794-4890-BFDC-416E155AB366",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:digi:transport_wr41_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "21F03CF2-89C3-4A3D-9565-4A5F6715A793",
              "versionEndIncluding": "5.2.4.6",
              "versionStartIncluding": "5.0.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:digi:transport_wr41_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B3E5EFF-94F4-4466-9F35-E4B6774BEA75",
              "versionEndIncluding": "6.1.3.5",
              "versionStartIncluding": "6.0.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:digi:transport_wr41_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F9368A8-B92B-47C0-BEAC-7D3EB33D3D85",
              "versionEndIncluding": "8.3.1.2",
              "versionStartIncluding": "8.0.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:digi:transport_wr41:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D041514D-8E0A-4ABB-AC24-6C716F672390",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:digi:transport_wr44_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BD94312-4005-43EC-B2FA-F09289C3F078",
              "versionEndIncluding": "8.3.1.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:digi:transport_wr44:v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "81F8AF9D-B7B8-4BD7-8BA0-42A18C5EA298",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered on Digi TransPort devices through 2021-07-21. An authenticated attacker may load customized firmware (because the bootloader does not verify that it is authentic), changing the behavior of the gateway."
    },
    {
      "lang": "es",
      "value": "Se ha detectado un problema en los dispositivos Digi TransPort versiones hasta 21-07-2021. Un atacante autenticado puede cargar un firmware personalizado (porque el cargador de arranque no verifica que sea aut\u00e9ntico), cambiando el comportamiento de la puerta de enlace"
    }
  ],
  "id": "CVE-2021-37188",
  "lastModified": "2024-11-21T06:14:49.460",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-12-10T13:15:07.710",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://raw.githubusercontent.com/reidmefirst/vuln-disclosure/main/2021-04.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.digi.com/search/results?q=transport"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://raw.githubusercontent.com/reidmefirst/vuln-disclosure/main/2021-04.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.digi.com/search/results?q=transport"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-345"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerabilites related to digi - transport_vc74

CVE-2021-37187 (GCVE-0-2021-37187)

Vulnerability from cvelistv5

CVE-2021-35978 (GCVE-0-2021-35978)

Vulnerability from cvelistv5

CVE-2021-37188 (GCVE-0-2021-37188)

Vulnerability from cvelistv5

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd