CVE-2021-36767
 
Descriptions
In Digi RealPort through 4.10.490, authentication relies on a challenge-response mechanism that gives access to the server password, making the protection ineffective. An attacker may send an unauthenticated request to the server. The server will reply with a weakly-hashed version of the server's access password. The attacker may then crack this hash offline in order to log in to the server successfully.
Timeline
- 2021-07-16 CVE Reserved
- 2021-10-08 CVE Published
- 2024-06-23 EPSS Updated
- 2024-08-04 CVE Updated
CWE
- CWE-916: Use of Password Hash With Insufficient Computational Effort
References (1)
URL | Tag | Source |
---|---|---|
https://raw.githubusercontent.com/reidmefirst/vuln-disclosure/main/2021-02.txt | Third Party Advisory | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|---|---|---|---|---|
Digi | Connectport Ts 8/16 Firmware | * | - | Affected | in | Digi | Connectport Ts 8/16 | - | - | Safe |
Digi | Connectport Lts 8/16/32 Firmware | * | - | Affected | in | Digi | Connectport Lts 8/16/32 | - | - | Safe |
Digi | Passport Integrated Console Server Firmware | * | - | Affected | in | Digi | Passport Integrated Console Server | - | - | Safe |
Digi | Cm Firmware | * | - | Affected | in | Digi | Cm | - | - | Safe |
Digi | Portserver Ts Firmware | * | - | Affected | in | Digi | Portserver Ts | - | - | Safe |
Digi | Portserver Ts Mei Firmware | * | - | Affected | in | Digi | Portserver Ts Mei | - | - | Safe |
Digi | Portserver Ts Mei Hardened Firmware | * | - | Affected | in | Digi | Portserver Ts Mei Hardened | - | - | Safe |
Digi | Portserver Ts M Mei Firmware | * | - | Affected | in | Digi | Portserver Ts M Mei | - | - | Safe |
Digi | 6350-sr Firmware | * | - | Affected | in | Digi | 6350-sr | - | - | Safe |
Digi | Portserver Ts P Mei Firmware | * | - | Affected | in | Digi | Portserver Ts P Mei | - | - | Safe |
Digi | Transport Wr11 Xt Firmware | * | - | Affected | in | Digi | Transport Wr11 Xt | - | - | Safe |
Digi | One Ia Firmware | * | - | Affected | in | Digi | One Ia | - | - | Safe |
Digi | Wr31 Firmware | * | - | Affected | in | Digi | Wr31 | - | - | Safe |
Digi | Wr44 R Firmware | * | - | Affected | in | Digi | Wr44 R | - | - | Safe |
Digi | Connect Es Firmware | * | - | Affected | in | Digi | Connect Es | - | - | Safe |
Digi | Wr21 Firmware | * | - | Affected | in | Digi | Wr21 | - | - | Safe |
Digi | One Iap Firmware | * | - | Affected | in | Digi | One Iap | - | - | Safe |
Digi | One Iap Haz Firmware | * | - | Affected | in | Digi | One Iap Haz | - | - | Safe |
Digi | Realport | <= 1.9-40 | linux | Affected | | | | | | |
Digi | Realport | <= 4.10.490 | windows | Affected | | | | | | |