CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-36767

In Digi RealPort through 4.10.490, authentication relies on a challenge-response mechanism that gives access to the server password, making the protection ineffective. An attacker may send an unauthenticated request to the server. The server will reply with a weakly-hashed version of the server's access password. The attacker may then crack this hash offline in order to successfully login to the server.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 40.9%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

Products affected by CVE-2021-36767

Digi » Realport » Version: 1.9-40

cpe:2.3:a:digi:realport:1.9-40
Digi » Realport » Version: 4.8.488.0

cpe:2.3:a:digi:realport:4.8.488.0
Digi » 6350-Sr » Version: N/A

cpe:2.3:h:digi:6350-sr:-
Digi » Cm » Version: N/A

cpe:2.3:h:digi:cm:-
Digi » Connect Es » Version: N/A

cpe:2.3:h:digi:connect_es:-
Digi » Connectport Lts 8/16/32 » Version: N/A

cpe:2.3:h:digi:connectport_lts_8/16/32:-
Digi » Connectport Ts 8/16 » Version: N/A

cpe:2.3:h:digi:connectport_ts_8/16:-
Digi » One Ia » Version: N/A

cpe:2.3:h:digi:one_ia:-
Digi » One Iap » Version: N/A

cpe:2.3:h:digi:one_iap:-
Digi » One Iap Haz » Version: N/A

cpe:2.3:h:digi:one_iap_haz:-
Digi » Passport Integrated Console Server » Version: N/A

cpe:2.3:h:digi:passport_integrated_console_server:-
Digi » Portserver Ts » Version: N/A

cpe:2.3:h:digi:portserver_ts:-
Digi » Portserver Ts M Mei » Version: N/A

cpe:2.3:h:digi:portserver_ts_m_mei:-
Digi » Portserver Ts Mei » Version: N/A

cpe:2.3:h:digi:portserver_ts_mei:-
Digi » Portserver Ts Mei Hardened » Version: N/A

cpe:2.3:h:digi:portserver_ts_mei_hardened:-
Digi » Portserver Ts P Mei » Version: N/A

cpe:2.3:h:digi:portserver_ts_p_mei:-
Digi » Transport Wr11 Xt » Version: N/A

cpe:2.3:h:digi:transport_wr11_xt:-
Digi » Wr21 » Version: N/A

cpe:2.3:h:digi:wr21:-
Digi » Wr31 » Version: N/A

cpe:2.3:h:digi:wr31:-
Digi » Wr44 R » Version: N/A

cpe:2.3:h:digi:wr44_r:-
Digi » 6350-Sr Firmware » Version: N/A

cpe:2.3:o:digi:6350-sr_firmware:-
Digi » Cm Firmware » Version: N/A

cpe:2.3:o:digi:cm_firmware:-
Digi » Connect Es Firmware » Version: N/A

cpe:2.3:o:digi:connect_es_firmware:-
Digi » Connectport Lts 8/16/32 Firmware » Version: N/A

cpe:2.3:o:digi:connectport_lts_8/16/32_firmware:-
Digi » Connectport Ts 8/16 Firmware » Version: N/A

cpe:2.3:o:digi:connectport_ts_8/16_firmware:-
Digi » One Ia Firmware » Version: N/A

cpe:2.3:o:digi:one_ia_firmware:-
Digi » One Iap Firmware » Version: N/A

cpe:2.3:o:digi:one_iap_firmware:-
Digi » One Iap Haz Firmware » Version: Any

cpe:2.3:o:digi:one_iap_haz_firmware:*
Digi » Passport Integrated Console Server Firmware » Version: N/A

cpe:2.3:o:digi:passport_integrated_console_server_firmware:-
Digi » Portserver Ts Firmware » Version: N/A

cpe:2.3:o:digi:portserver_ts_firmware:-
Digi » Portserver Ts M Mei Firmware » Version: N/A

cpe:2.3:o:digi:portserver_ts_m_mei_firmware:-
Digi » Portserver Ts Mei Firmware » Version: N/A

cpe:2.3:o:digi:portserver_ts_mei_firmware:-
Digi » Portserver Ts Mei Hardened Firmware » Version: N/A

cpe:2.3:o:digi:portserver_ts_mei_hardened_firmware:-
Digi » Portserver Ts P Mei Firmware » Version: N/A

cpe:2.3:o:digi:portserver_ts_p_mei_firmware:-
Digi » Transport Wr11 Xt Firmware » Version: N/A

cpe:2.3:o:digi:transport_wr11_xt_firmware:-
Digi » Transport Wr11 Xt Firmware » Version: 6.0.0.0

cpe:2.3:o:digi:transport_wr11_xt_firmware:6.0.0.0
Digi » Transport Wr11 Xt Firmware » Version: 8.2.1.3

cpe:2.3:o:digi:transport_wr11_xt_firmware:8.2.1.3
Digi » Wr21 Firmware » Version: N/A

cpe:2.3:o:digi:wr21_firmware:-
Digi » Wr31 Firmware » Version: N/A

cpe:2.3:o:digi:wr31_firmware:-
Digi » Wr31 Firmware » Version: 6.0.0.0

cpe:2.3:o:digi:wr31_firmware:6.0.0.0
Digi » Wr31 Firmware » Version: 8.2.1.3

cpe:2.3:o:digi:wr31_firmware:8.2.1.3
Digi » Wr44 R Firmware » Version: N/A

cpe:2.3:o:digi:wr44_r_firmware:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-36767

Products

Pricing

Contact Us