CVE-2021-36767

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 08-10-2021 05:15

Last modified: - 29-04-2022 02:49

Total changes: - 4

Description

In Digi RealPort through 4.10.490, authentication relies on a challenge-response mechanism that gives access to the server password, making the protection ineffective. An attacker may send an unauthenticated request to the server. The server will reply with a weakly-hashed version of the server's access password. The attacker may then crack this hash offline in order to successfully login to the server.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Low

Attack complexity

Network

Attack vector

High

Availability

High

Confidentiality

High

Integrity

None

Privileges required

Unchanged

Scope

None

User interaction

9.8

Base score

3.9

5.9

Exploitability score

Impact score

Verification logic

vendor=digi AND product=realport AND target_software=linux AND versionEndIncluding=1.9-40

vendor=digi AND product=realport AND target_software=windows AND versionEndIncluding=4.10.490

AND

vendor=digi AND product=connectport_ts_8\/16_firmware

vendor=digi AND product=connectport_ts_8\/16 AND version=-

AND

vendor=digi AND product=connectport_lts_8\/16\/32_firmware

vendor=digi AND product=connectport_lts_8\/16\/32 AND version=-

AND

vendor=digi AND product=passport_integrated_console_server_firmware

vendor=digi AND product=passport_integrated_console_server AND version=-

AND

vendor=digi AND product=cm_firmware

vendor=digi AND product=cm AND version=-

AND

vendor=digi AND product=portserver_ts_firmware

vendor=digi AND product=portserver_ts AND version=-

AND

vendor=digi AND product=portserver_ts_mei_firmware

vendor=digi AND product=portserver_ts_mei AND version=-

AND

vendor=digi AND product=portserver_ts_mei_hardened_firmware

vendor=digi AND product=portserver_ts_mei_hardened AND version=-

AND

vendor=digi AND product=portserver_ts_m_mei_firmware

vendor=digi AND product=portserver_ts_m_mei AND version=-

AND

vendor=digi AND product=6350-sr_firmware

vendor=digi AND product=6350-sr AND version=-

AND

vendor=digi AND product=portserver_ts_p_mei_firmware

vendor=digi AND product=portserver_ts_p_mei AND version=-

AND

vendor=digi AND product=transport_wr11_xt_firmware

vendor=digi AND product=transport_wr11_xt AND version=-

AND

vendor=digi AND product=one_ia_firmware

vendor=digi AND product=one_ia AND version=-

AND

vendor=digi AND product=wr31_firmware

vendor=digi AND product=wr31 AND version=-

AND

vendor=digi AND product=wr44_r_firmware

vendor=digi AND product=wr44_r AND version=-

AND

vendor=digi AND product=connect_es_firmware

vendor=digi AND product=connect_es AND version=-

AND

vendor=digi AND product=wr21_firmware

vendor=digi AND product=wr21 AND version=-

AND

vendor=digi AND product=connectcore_8x_firmware

vendor=digi AND product=connectcore_8x AND version=-

AND

vendor=digi AND product=one_iap_firmware

vendor=digi AND product=one_iap AND version=-

AND

vendor=digi AND product=one_iap_haz_firmware

vendor=digi AND product=one_iap_haz AND version=-

AND

vendor=digi AND product=connectcore_8x_sbc_pro_firmware

vendor=digi AND product=connectcore_8x_sbc_pro AND version=-

AND

vendor=digi AND product=connectcore_8x_som_dualxz_firmware

vendor=digi AND product=connectcore_8x_som_dualxz AND version=-

AND

vendor=digi AND product=connectcore_8x_som_quadxplus_firmware

vendor=digi AND product=connectcore_8x_som_quadxplus AND version=-

Reference

https://raw.githubusercontent.com/reidmefirst/vuln-disclosure/main/2021-02.txt

Keywords

CVE-2021-36767

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2021-36767

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures