An issue was discovered on Digi TransPort devices through 2021-07-21. An authenticated attacker may read a password file (with reversible passwords) from the device, which allows decoding of other users' passwords.
References
Link | Resource |
---|---|
https://raw.githubusercontent.com/reidmefirst/vuln-disclosure/main/2021-04.txt | Third Party Advisory |
https://www.digi.com/search/results?q=transport | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
History
14 Dec 2021, 17:19
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-522 | |
CVSS |
v2 : v3 : |
v2 : 4.0
v3 : 6.5 |
CPE | cpe:2.3:h:digi:transport_vc74:-:*:*:*:*:*:*:* cpe:2.3:o:digi:transport_dr64_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:digi:transport_sr44:-:*:*:*:*:*:*:* cpe:2.3:o:digi:transport_wr44_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:digi:transport_wr11_xt_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:digi:transport_dr64:-:*:*:*:*:*:*:* cpe:2.3:o:digi:transport_wr41_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:digi:transport_dr64_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:digi:transport_wr11_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:digi:transport_wr11_xt:-:*:*:*:*:*:*:* cpe:2.3:o:digi:transport_wr21_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:digi:transport_wr44:v2:*:*:*:*:*:*:* cpe:2.3:h:digi:transport_wr31:-:*:*:*:*:*:*:* cpe:2.3:h:digi:transport_wr41:-:*:*:*:*:*:*:* cpe:2.3:h:digi:transport_wr11:-:*:*:*:*:*:*:* cpe:2.3:o:digi:transport_vc74_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:digi:transport_wr21:-:*:*:*:*:*:*:* cpe:2.3:o:digi:transport_wr31_firmware:*:*:*:*:*:*:*:* |
|
References | (MISC) https://www.digi.com/search/results?q=transport - Vendor Advisory | |
References | (MISC) https://raw.githubusercontent.com/reidmefirst/vuln-disclosure/main/2021-04.txt - Third Party Advisory |
10 Dec 2021, 13:26
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-12-10 13:15
Updated : 2024-02-04 22:08
NVD link : CVE-2021-37187
Mitre link : CVE-2021-37187
CVE.ORG link : CVE-2021-37187
JSON object : View
Products Affected
digi
- transport_dr64_firmware
- transport_vc74
- transport_wr11_xt
- transport_wr21_firmware
- transport_wr31
- transport_wr44_firmware
- transport_wr21
- transport_wr44
- transport_wr41_firmware
- transport_dr64
- transport_vc74_firmware
- transport_wr31_firmware
- transport_wr41
- transport_wr11
- transport_wr11_firmware
- transport_sr44
- transport_wr11_xt_firmware
CWE
CWE-522
Insufficiently Protected Credentials