Oct 08, 2021 - 3:15 p.m.

CVE-2021-36767

2021-10-08 15:15:09
CWE-916
web.nvd.nist.gov
cve-2021-36767
digi realport
authentication
vulnerability
unauthenticated request
weakly-hashed
server password

CVSS2: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 9.5 High
Confidence: High

EPSS: 0.002 Low
Percentile: 52.2%

In Digi RealPort through 4.10.490, authentication relies on a challenge-response mechanism that gives access to the server password, making the protection ineffective. An attacker may send an unauthenticated request to the server. The server will reply with a weakly-hashed version of the server’s access password. The attacker may then crack this hash offline in order to successfully log in to the server.

Affected configurations

NVD

Node: digi realport (Range 1.9-40, linux) OR digi realport (Range 4.10.490, windows)
Node: digi connectport_ts_8/16_firmware AND digi connectport_ts_8/16 (Match -)
Node: digi connectport_lts_8/16/32_firmware AND digi connectport_lts_8/16/32 (Match -)
Node: digi passport_integrated_console_server_firmware AND digi passport_integrated_console_server (Match -)
Node: digi cm_firmware AND digi cm (Match -)
Node: digi portserver_ts_firmware AND digi portserver_ts (Match -)
Node: digi portserver_ts_mei_firmware AND digi portserver_ts_mei (Match -)
Node: digi portserver_ts_mei_hardened_firmware AND digi portserver_ts_mei_hardened (Match -)
Node: digi portserver_ts_m_mei_firmware AND digi portserver_ts_m_mei (Match -)
Node: digi 6350-sr_firmware AND digi 6350-sr (Match -)
Node: digi portserver_ts_p_mei_firmware AND digi portserver_ts_p_mei (Match -)
Node: digi transport_wr11_xt (Match -) AND digi transport_wr11_xt_firmware
Node: digi one_ia (Match -) AND digi one_ia_firmware
Node: digi wr31 (Match -) AND digi wr31_firmware
Node: digi wr44_r (Match -) AND digi wr44_r_firmware
Node: digi connect_es (Match -) AND digi connect_es_firmware
Node: digi wr21 (Match -) AND digi wr21_firmware
Node: digi one_iap (Match -) AND digi one_iap_firmware
Node: digi one_iap_haz (Match -) AND digi one_iap_haz_firmware
