CVE-2021-35978
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
An issue was discovered in Digi TransPort DR64, SR44 VC74, and WR. The ZING protocol allows arbitrary remote command execution with SUPER privileges. This allows an attacker (with knowledge of the protocol) to execute arbitrary code on the controller including overwriting firmware, adding/removing users, disabling the internal firewall, etc.
Se ha detectado un problema en Digi TransPort DR64, SR44 VC74 y WR. El protocolo ZING permite una ejecución arbitraria de comandos remotos con privilegios SUPER. Esto permite a un atacante (con conocimiento del protocolo) ejecutar código arbitrario en el controlador, incluyendo la sobreescritura del firmware, la adición/eliminación de usuarios, la deshabilitación del firewall interno, etc
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-06-30 CVE Reserved
- 2021-12-10 CVE Published
- 2024-08-04 CVE Updated
- 2024-08-25 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://raw.githubusercontent.com/reidmefirst/vuln-disclosure/main/2021-04.txt | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://digi.com | 2021-12-14 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Digi Search vendor "Digi" | Transport Dr64 Firmware Search vendor "Digi" for product "Transport Dr64 Firmware" | <= 5.2.4.9 Search vendor "Digi" for product "Transport Dr64 Firmware" and version " <= 5.2.4.9" | - |
Affected
| in | Digi Search vendor "Digi" | Transport Dr64 Search vendor "Digi" for product "Transport Dr64" | - | - |
Safe
|
| Digi Search vendor "Digi" | Transport Sr44 Firmware Search vendor "Digi" for product "Transport Sr44 Firmware" | * | - |
Affected
| in | Digi Search vendor "Digi" | Transport Sr44 Search vendor "Digi" for product "Transport Sr44" | - | - |
Safe
|
| Digi Search vendor "Digi" | Transport Vc74 Firmware Search vendor "Digi" for product "Transport Vc74 Firmware" | <= 5.2.4.9 Search vendor "Digi" for product "Transport Vc74 Firmware" and version " <= 5.2.4.9" | - |
Affected
| in | Digi Search vendor "Digi" | Transport Vc74 Search vendor "Digi" for product "Transport Vc74" | - | - |
Safe
|
| Digi Search vendor "Digi" | Transport Wr11 Firmware Search vendor "Digi" for product "Transport Wr11 Firmware" | <= 8.2.1.3 Search vendor "Digi" for product "Transport Wr11 Firmware" and version " <= 8.2.1.3" | - |
Affected
| in | Digi Search vendor "Digi" | Transport Wr11 Search vendor "Digi" for product "Transport Wr11" | - | - |
Safe
|
| Digi Search vendor "Digi" | Transport Wr11 Xt Firmware Search vendor "Digi" for product "Transport Wr11 Xt Firmware" | <= 8.2.1.3 Search vendor "Digi" for product "Transport Wr11 Xt Firmware" and version " <= 8.2.1.3" | - |
Affected
| in | Digi Search vendor "Digi" | Transport Wr11 Xt Search vendor "Digi" for product "Transport Wr11 Xt" | - | - |
Safe
|
| Digi Search vendor "Digi" | Transport Wr21 Firmware Search vendor "Digi" for product "Transport Wr21 Firmware" | <= 8.2.1.3 Search vendor "Digi" for product "Transport Wr21 Firmware" and version " <= 8.2.1.3" | - |
Affected
| in | Digi Search vendor "Digi" | Transport Wr21 Search vendor "Digi" for product "Transport Wr21" | - | - |
Safe
|
| Digi Search vendor "Digi" | Transport Wr31 Firmware Search vendor "Digi" for product "Transport Wr31 Firmware" | <= 8.2.1.3 Search vendor "Digi" for product "Transport Wr31 Firmware" and version " <= 8.2.1.3" | - |
Affected
| in | Digi Search vendor "Digi" | Transport Wr31 Search vendor "Digi" for product "Transport Wr31" | - | - |
Safe
|
| Digi Search vendor "Digi" | Transport Wr41 Firmware Search vendor "Digi" for product "Transport Wr41 Firmware" | >= 5.0.0.0 <= 5.2.4.6 Search vendor "Digi" for product "Transport Wr41 Firmware" and version " >= 5.0.0.0 <= 5.2.4.6" | - |
Affected
| in | Digi Search vendor "Digi" | Transport Wr41 Search vendor "Digi" for product "Transport Wr41" | - | - |
Safe
|
| Digi Search vendor "Digi" | Transport Wr41 Firmware Search vendor "Digi" for product "Transport Wr41 Firmware" | >= 6.0.0.0 <= 6.1.3.5 Search vendor "Digi" for product "Transport Wr41 Firmware" and version " >= 6.0.0.0 <= 6.1.3.5" | - |
Affected
| in | Digi Search vendor "Digi" | Transport Wr41 Search vendor "Digi" for product "Transport Wr41" | - | - |
Safe
|
| Digi Search vendor "Digi" | Transport Wr41 Firmware Search vendor "Digi" for product "Transport Wr41 Firmware" | >= 8.0.0.0 <= 8.3.1.2 Search vendor "Digi" for product "Transport Wr41 Firmware" and version " >= 8.0.0.0 <= 8.3.1.2" | - |
Affected
| in | Digi Search vendor "Digi" | Transport Wr41 Search vendor "Digi" for product "Transport Wr41" | - | - |
Safe
|
| Digi Search vendor "Digi" | Transport Wr44 Firmware Search vendor "Digi" for product "Transport Wr44 Firmware" | <= 8.3.1.2 Search vendor "Digi" for product "Transport Wr44 Firmware" and version " <= 8.3.1.2" | - |
Affected
| in | Digi Search vendor "Digi" | Transport Wr44 Search vendor "Digi" for product "Transport Wr44" | v2 Search vendor "Digi" for product "Transport Wr44" and version "v2" | - |
Safe
|