CVE-2021-36767
First published: Fri Oct 08 2021(Updated: )
In Digi RealPort through 4.10.490, authentication relies on a challenge-response mechanism that gives access to the server password, making the protection ineffective. An attacker may send an unauthenticated request to the server. The server will reply with a weakly-hashed version of the server's access password. The attacker may then crack this hash offline in order to successfully login to the server.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Digi Realport | <=1.9-40 | |
| Digi Realport | <=4.10.490 | |
| Digi Connectport Ts 8\/16 Firmware | ||
| Digi Connectport Ts 8\/16 | ||
| Digi Connectport Lts 8\/16\/32 Firmware | ||
| Digi Connectport Lts 8\/16\/32 | ||
| Digi Passport Integrated Console Server Firmware | ||
| Digi Passport Integrated Console Server | ||
| Digi Cm Firmware | ||
| Digi Cm | ||
| Digi Portserver Ts Firmware | ||
| Digi Portserver Ts | ||
| Digi Portserver Ts Mei Firmware | ||
| Digi Portserver Ts Mei | ||
| Digi Portserver Ts Mei Hardened Firmware | ||
| Digi Portserver Ts Mei Hardened | ||
| Digi Portserver Ts M Mei Firmware | ||
| Digi Portserver Ts M Mei | ||
| Digi 6350-sr Firmware | ||
| Digi 6350-sr | ||
| Digi Portserver Ts P Mei Firmware | ||
| Digi Portserver Ts P Mei | ||
| Digi Transport Wr11 Xt Firmware | ||
| Digi Transport Wr11 Xt | ||
| Digi One Ia Firmware | ||
| Digi One Ia | ||
| Digi Wr31 Firmware | ||
| Digi Wr31 | ||
| Digi Wr44 R Firmware | ||
| Digi Wr44 R | ||
| Digi Connect Es Firmware | ||
| Digi Connect Es | ||
| Digi Wr21 Firmware | ||
| Digi Wr21 | ||
| Digi One Iap Firmware | ||
| Digi One Iap | ||
| Digi One Iap Haz Firmware | ||
| Digi One Iap Haz |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the CVE ID of this vulnerability?
The CVE ID of this vulnerability is CVE-2021-36767.
What is the severity of CVE-2021-36767?
The severity of CVE-2021-36767 is critical with a CVSS score of 9.8.
Which software is affected by CVE-2021-36767?
Digi RealPort versions up to 4.10.490 on Linux and Windows are affected by CVE-2021-36767.
How does authentication work in Digi RealPort through 4.10.490?
Authentication in Digi RealPort through 4.10.490 relies on a challenge-response mechanism.
How can an attacker exploit CVE-2021-36767?
An attacker can send an unauthenticated request to the server to exploit CVE-2021-36767.
- collector/nvd-api
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/tags
- agent/description
- agent/type
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- vendor/digi
- canonical/digi realport
- version/digi realport/1.9-40
- version/digi realport/4.10.490
- canonical/digi connectport ts 8\/16 firmware
- canonical/digi connectport ts 8\/16
- canonical/digi connectport lts 8\/16\/32 firmware
- canonical/digi connectport lts 8\/16\/32
- canonical/digi passport integrated console server firmware
- canonical/digi passport integrated console server
- canonical/digi cm firmware
- canonical/digi cm
- canonical/digi portserver ts firmware
- canonical/digi portserver ts
- canonical/digi portserver ts mei firmware
- canonical/digi portserver ts mei
- canonical/digi portserver ts mei hardened firmware
- canonical/digi portserver ts mei hardened
- canonical/digi portserver ts m mei firmware
- canonical/digi portserver ts m mei
- canonical/digi 6350-sr firmware
- canonical/digi 6350-sr
- canonical/digi portserver ts p mei firmware
- canonical/digi portserver ts p mei
- canonical/digi transport wr11 xt firmware
- canonical/digi transport wr11 xt
- canonical/digi one ia firmware
- canonical/digi one ia
- canonical/digi wr31 firmware
- canonical/digi wr31
- canonical/digi wr44 r firmware
- canonical/digi wr44 r
- canonical/digi connect es firmware
- canonical/digi connect es
- canonical/digi wr21 firmware
- canonical/digi wr21
- canonical/digi one iap firmware
- canonical/digi one iap
- canonical/digi one iap haz firmware
- canonical/digi one iap haz