CVE-2021-35977

Severity Score

9.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

An issue was discovered in Digi RealPort for Windows through 4.8.488.0. A buffer overflow exists in the handling of ADDP discovery response messages. This could result in arbitrary code execution.

Se ha detectado un problema en Digi RealPort para Windows versiones hasta 4.8.488.0. Se presenta un desbordamiento del búfer en el manejo de los mensajes de respuesta de detección ADDP. Esto podría dar lugar a una ejecución de código arbitrario

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2021-06-30 CVE Reserved
2021-10-08 CVE Published
2024-08-04 CVE Updated
2024-09-13 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CAPEC

References (1)

URL	Tag	Source
https://raw.githubusercontent.com/reidmefirst/vuln-disclosure/main/2021-02.txt	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Digi Search vendor "Digi"	Connectport Ts 8\/16 Firmware Search vendor "Digi" for product "Connectport Ts 8\/16 Firmware"	*	-	Affected	in	Digi Search vendor "Digi"	Connectport Ts 8\/16 Search vendor "Digi" for product "Connectport Ts 8\/16"	-	-	Safe
Digi Search vendor "Digi"	Connectport Lts 8\/16\/32 Firmware Search vendor "Digi" for product "Connectport Lts 8\/16\/32 Firmware"	*	-	Affected	in	Digi Search vendor "Digi"	Connectport Lts 8\/16\/32 Search vendor "Digi" for product "Connectport Lts 8\/16\/32"	-	-	Safe
Digi Search vendor "Digi"	Passport Integrated Console Server Firmware Search vendor "Digi" for product "Passport Integrated Console Server Firmware"	*	-	Affected	in	Digi Search vendor "Digi"	Passport Integrated Console Server Search vendor "Digi" for product "Passport Integrated Console Server"	-	-	Safe
Digi Search vendor "Digi"	Cm Firmware Search vendor "Digi" for product "Cm Firmware"	*	-	Affected	in	Digi Search vendor "Digi"	Cm Search vendor "Digi" for product "Cm"	-	-	Safe
Digi Search vendor "Digi"	Portserver Ts Firmware Search vendor "Digi" for product "Portserver Ts Firmware"	*	-	Affected	in	Digi Search vendor "Digi"	Portserver Ts Search vendor "Digi" for product "Portserver Ts"	-	-	Safe
Digi Search vendor "Digi"	Portserver Ts Mei Firmware Search vendor "Digi" for product "Portserver Ts Mei Firmware"	*	-	Affected	in	Digi Search vendor "Digi"	Portserver Ts Mei Search vendor "Digi" for product "Portserver Ts Mei"	-	-	Safe
Digi Search vendor "Digi"	Portserver Ts Mei Hardened Firmware Search vendor "Digi" for product "Portserver Ts Mei Hardened Firmware"	*	-	Affected	in	Digi Search vendor "Digi"	Portserver Ts Mei Hardened Search vendor "Digi" for product "Portserver Ts Mei Hardened"	-	-	Safe
Digi Search vendor "Digi"	Portserver Ts M Mei Firmware Search vendor "Digi" for product "Portserver Ts M Mei Firmware"	*	-	Affected	in	Digi Search vendor "Digi"	Portserver Ts M Mei Search vendor "Digi" for product "Portserver Ts M Mei"	-	-	Safe
Digi Search vendor "Digi"	6350-sr Firmware Search vendor "Digi" for product "6350-sr Firmware"	*	-	Affected	in	Digi Search vendor "Digi"	6350-sr Search vendor "Digi" for product "6350-sr"	-	-	Safe
Digi Search vendor "Digi"	Portserver Ts P Mei Firmware Search vendor "Digi" for product "Portserver Ts P Mei Firmware"	*	-	Affected	in	Digi Search vendor "Digi"	Portserver Ts P Mei Search vendor "Digi" for product "Portserver Ts P Mei"	-	-	Safe
Digi Search vendor "Digi"	Transport Wr11 Xt Firmware Search vendor "Digi" for product "Transport Wr11 Xt Firmware"	*	-	Affected	in	Digi Search vendor "Digi"	Transport Wr11 Xt Search vendor "Digi" for product "Transport Wr11 Xt"	-	-	Safe
Digi Search vendor "Digi"	One Iap Family Firmware Search vendor "Digi" for product "One Iap Family Firmware"	*	-	Affected	in	Digi Search vendor "Digi"	One Iap Family Search vendor "Digi" for product "One Iap Family"	-	-	Safe
Digi Search vendor "Digi"	One Ia Firmware Search vendor "Digi" for product "One Ia Firmware"	*	-	Affected	in	Digi Search vendor "Digi"	One Ia Search vendor "Digi" for product "One Ia"	-	-	Safe
Digi Search vendor "Digi"	Wr31 Firmware Search vendor "Digi" for product "Wr31 Firmware"	*	-	Affected	in	Digi Search vendor "Digi"	Wr31 Search vendor "Digi" for product "Wr31"	-	-	Safe
Digi Search vendor "Digi"	Wr44 R Firmware Search vendor "Digi" for product "Wr44 R Firmware"	*	-	Affected	in	Digi Search vendor "Digi"	Wr44 R Search vendor "Digi" for product "Wr44 R"	-	-	Safe
Digi Search vendor "Digi"	Connect Es Firmware Search vendor "Digi" for product "Connect Es Firmware"	*	-	Affected	in	Digi Search vendor "Digi"	Connect Es Search vendor "Digi" for product "Connect Es"	-	-	Safe
Digi Search vendor "Digi"	Wr21 Firmware Search vendor "Digi" for product "Wr21 Firmware"	*	-	Affected	in	Digi Search vendor "Digi"	Wr21 Search vendor "Digi" for product "Wr21"	-	-	Safe
Digi Search vendor "Digi"		Realport Search vendor "Digi" for product "Realport"				<= 1.9-40 Search vendor "Digi" for product "Realport" and version " <= 1.9-40"		linux		Affected
Digi Search vendor "Digi"		Realport Search vendor "Digi" for product "Realport"				<= 4.8.488.0 Search vendor "Digi" for product "Realport" and version " <= 4.8.488.0"		windows		Affected