Vulnerability Details CVE-2021-35979
An issue was discovered in Digi RealPort through 4.8.488.0. The 'encrypted' mode is vulnerable to man-in-the-middle attacks and does not perform authentication.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 50.7%
CVSS Severity
CVSS v3 Score 8.1
CVSS v2 Score 6.8
References
Products affected by CVE-2021-35979
-
cpe:2.3:a:digi:realport:1.9-40
-
cpe:2.3:a:digi:realport:4.8.488.0
-
cpe:2.3:h:digi:6350-sr:-
-
cpe:2.3:h:digi:cm:-
-
cpe:2.3:h:digi:connect_es:-
-
cpe:2.3:h:digi:connectport_lts_8/16/32:-
-
cpe:2.3:h:digi:connectport_ts_8/16:-
-
cpe:2.3:h:digi:one_ia:-
-
cpe:2.3:h:digi:one_iap_family:-
-
cpe:2.3:h:digi:passport_integrated_console_server:-
-
cpe:2.3:h:digi:portserver_ts:-
-
cpe:2.3:h:digi:portserver_ts_m_mei:-
-
cpe:2.3:h:digi:portserver_ts_mei:-
-
cpe:2.3:h:digi:portserver_ts_mei_hardened:-
-
cpe:2.3:h:digi:portserver_ts_p_mei:-
-
cpe:2.3:h:digi:transport_wr11_xt:-
-
cpe:2.3:h:digi:wr21:-
-
cpe:2.3:h:digi:wr31:-
-
cpe:2.3:h:digi:wr44_r:-
-
cpe:2.3:o:digi:6350-sr_firmware:-
-
cpe:2.3:o:digi:cm_firmware:-
-
cpe:2.3:o:digi:connect_es_firmware:-
-
cpe:2.3:o:digi:connectport_lts_8/16/32_firmware:-
-
cpe:2.3:o:digi:connectport_ts_8/16_firmware:-
-
cpe:2.3:o:digi:one_ia_firmware:-
-
cpe:2.3:o:digi:one_iap_family_firmware:-
-
cpe:2.3:o:digi:passport_integrated_console_server_firmware:-
-
cpe:2.3:o:digi:portserver_ts_firmware:-
-
cpe:2.3:o:digi:portserver_ts_m_mei_firmware:-
-
cpe:2.3:o:digi:portserver_ts_mei_firmware:-
-
cpe:2.3:o:digi:portserver_ts_mei_hardened_firmware:-
-
cpe:2.3:o:digi:portserver_ts_p_mei_firmware:-
-
cpe:2.3:o:digi:transport_wr11_xt_firmware:-
-
cpe:2.3:o:digi:transport_wr11_xt_firmware:6.0.0.0
-
cpe:2.3:o:digi:transport_wr11_xt_firmware:8.2.1.3
-
cpe:2.3:o:digi:wr21_firmware:-
-
cpe:2.3:o:digi:wr31_firmware:-
-
cpe:2.3:o:digi:wr31_firmware:6.0.0.0
-
cpe:2.3:o:digi:wr31_firmware:8.2.1.3
-
cpe:2.3:o:digi:wr44_r_firmware:-