8.8
CVE-2021-37188
- EPSS 0.26%
- Published 10.12.2021 13:15:07
- Last modified 21.11.2024 06:14:49
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
An issue was discovered on Digi TransPort devices through 2021-07-21. An authenticated attacker may load customized firmware (because the bootloader does not verify that it is authentic), changing the behavior of the gateway.
Data is provided by the National Vulnerability Database (NVD)
Digi ≫ Transport Dr64 Firmware Version <= 5.2.4.9
Digi ≫ Transport Dr64 Firmware Version-
Digi ≫ Transport Vc74 Firmware Version <= 5.2.4.9
Digi ≫ Transport Wr11 Firmware Version <= 8.2.1.3
Digi ≫ Transport Wr11 Xt Firmware Version <= 8.2.1.3
Digi ≫ Transport Wr21 Firmware Version <= 8.2.1.3
Digi ≫ Transport Wr31 Firmware Version <= 8.2.1.3
Digi ≫ Transport Wr41 Firmware Version >= 5.0.0.0 <= 5.2.4.6
Digi ≫ Transport Wr41 Firmware Version >= 6.0.0.0 <= 6.1.3.5
Digi ≫ Transport Wr41 Firmware Version >= 8.0.0.0 <= 8.3.1.2
Digi ≫ Transport Wr44 Firmware Version <= 8.3.1.2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.26% | 0.488 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.5 | 8 | 6.4 |
AV:N/AC:L/Au:S/C:P/I:P/A:P
|
CWE-345 Insufficient Verification of Data Authenticity
The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.