CVE-2021-37188
Severity Score
8.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
An issue was discovered on Digi TransPort devices through 2021-07-21. An authenticated attacker may load customized firmware (because the bootloader does not verify that it is authentic), changing the behavior of the gateway.
Se ha detectado un problema en los dispositivos Digi TransPort versiones hasta 21-07-2021. Un atacante autenticado puede cargar un firmware personalizado (porque el cargador de arranque no verifica que sea auténtico), cambiando el comportamiento de la puerta de enlace
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-07-21 CVE Reserved
- 2021-12-10 CVE Published
- 2023-07-03 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-345: Insufficient Verification of Data Authenticity
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://raw.githubusercontent.com/reidmefirst/vuln-disclosure/main/2021-04.txt | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.digi.com/search/results?q=transport | 2022-07-12 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Digi Search vendor "Digi" | Transport Dr64 Firmware Search vendor "Digi" for product "Transport Dr64 Firmware" | <= 5.2.4.9 Search vendor "Digi" for product "Transport Dr64 Firmware" and version " <= 5.2.4.9" | - |
Affected
| in | Digi Search vendor "Digi" | Transport Dr64 Search vendor "Digi" for product "Transport Dr64" | - | - |
Safe
|
| Digi Search vendor "Digi" | Transport Dr64 Firmware Search vendor "Digi" for product "Transport Dr64 Firmware" | - | - |
Affected
| in | Digi Search vendor "Digi" | Transport Sr44 Search vendor "Digi" for product "Transport Sr44" | - | - |
Safe
|
| Digi Search vendor "Digi" | Transport Vc74 Firmware Search vendor "Digi" for product "Transport Vc74 Firmware" | <= 5.2.4.9 Search vendor "Digi" for product "Transport Vc74 Firmware" and version " <= 5.2.4.9" | - |
Affected
| in | Digi Search vendor "Digi" | Transport Vc74 Search vendor "Digi" for product "Transport Vc74" | - | - |
Safe
|
| Digi Search vendor "Digi" | Transport Wr11 Firmware Search vendor "Digi" for product "Transport Wr11 Firmware" | <= 8.2.1.3 Search vendor "Digi" for product "Transport Wr11 Firmware" and version " <= 8.2.1.3" | - |
Affected
| in | Digi Search vendor "Digi" | Transport Wr11 Search vendor "Digi" for product "Transport Wr11" | - | - |
Safe
|
| Digi Search vendor "Digi" | Transport Wr11 Xt Firmware Search vendor "Digi" for product "Transport Wr11 Xt Firmware" | <= 8.2.1.3 Search vendor "Digi" for product "Transport Wr11 Xt Firmware" and version " <= 8.2.1.3" | - |
Affected
| in | Digi Search vendor "Digi" | Transport Wr11 Xt Search vendor "Digi" for product "Transport Wr11 Xt" | - | - |
Safe
|
| Digi Search vendor "Digi" | Transport Wr21 Firmware Search vendor "Digi" for product "Transport Wr21 Firmware" | <= 8.2.1.3 Search vendor "Digi" for product "Transport Wr21 Firmware" and version " <= 8.2.1.3" | - |
Affected
| in | Digi Search vendor "Digi" | Transport Wr21 Search vendor "Digi" for product "Transport Wr21" | - | - |
Safe
|
| Digi Search vendor "Digi" | Transport Wr31 Firmware Search vendor "Digi" for product "Transport Wr31 Firmware" | <= 8.2.1.3 Search vendor "Digi" for product "Transport Wr31 Firmware" and version " <= 8.2.1.3" | - |
Affected
| in | Digi Search vendor "Digi" | Transport Wr31 Search vendor "Digi" for product "Transport Wr31" | - | - |
Safe
|
| Digi Search vendor "Digi" | Transport Wr41 Firmware Search vendor "Digi" for product "Transport Wr41 Firmware" | >= 5.0.0.0 <= 5.2.4.6 Search vendor "Digi" for product "Transport Wr41 Firmware" and version " >= 5.0.0.0 <= 5.2.4.6" | - |
Affected
| in | Digi Search vendor "Digi" | Transport Wr41 Search vendor "Digi" for product "Transport Wr41" | - | - |
Safe
|
| Digi Search vendor "Digi" | Transport Wr41 Firmware Search vendor "Digi" for product "Transport Wr41 Firmware" | >= 6.0.0.0 <= 6.1.3.5 Search vendor "Digi" for product "Transport Wr41 Firmware" and version " >= 6.0.0.0 <= 6.1.3.5" | - |
Affected
| in | Digi Search vendor "Digi" | Transport Wr41 Search vendor "Digi" for product "Transport Wr41" | - | - |
Safe
|
| Digi Search vendor "Digi" | Transport Wr41 Firmware Search vendor "Digi" for product "Transport Wr41 Firmware" | >= 8.0.0.0 <= 8.3.1.2 Search vendor "Digi" for product "Transport Wr41 Firmware" and version " >= 8.0.0.0 <= 8.3.1.2" | - |
Affected
| in | Digi Search vendor "Digi" | Transport Wr41 Search vendor "Digi" for product "Transport Wr41" | - | - |
Safe
|
| Digi Search vendor "Digi" | Transport Wr44 Firmware Search vendor "Digi" for product "Transport Wr44 Firmware" | <= 8.3.1.2 Search vendor "Digi" for product "Transport Wr44 Firmware" and version " <= 8.3.1.2" | - |
Affected
| in | Digi Search vendor "Digi" | Transport Wr44 Search vendor "Digi" for product "Transport Wr44" | v2 Search vendor "Digi" for product "Transport Wr44" and version "v2" | - |
Safe
|