First published: Fri Dec 10 2021(Updated: )
An issue was discovered on Digi TransPort devices through 2021-07-21. An authenticated attacker may read a password file (with reversible passwords) from the device, which allows decoding of other users' passwords.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Digi Transport Dr64 Firmware | <=5.2.4.9 | |
Digi TransPort DR64 | ||
Digi Transport Dr64 Firmware | ||
Digi Transport Sr44 | ||
Digi Transport Vc74 Firmware | <=5.2.4.9 | |
Digi Transport Vc74 | ||
Digi Transport Wr11 Firmware | <=8.2.1.3 | |
Digi Transport Wr11 | ||
Digi Transport Wr11 Xt Firmware | <=8.2.1.3 | |
Digi Transport Wr11 Xt | ||
Digi Transport Wr21 Firmware | <=8.2.1.3 | |
Digi TransPort WR21 | ||
Digi Transport Wr31 Firmware | <=8.2.1.3 | |
Digi Transport Wr31 | ||
Digi Transport Wr41 Firmware | >=5.0.0.0<=5.2.4.6 | |
Digi Transport Wr41 Firmware | >=6.0.0.0<=6.1.3.5 | |
Digi Transport Wr41 Firmware | >=8.0.0.0<=8.3.1.2 | |
Digi Transport Wr41 | ||
Digi Transport Wr44 Firmware | <=8.3.1.2 | |
Digi Transport Wr44 | =v2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID of this issue is CVE-2021-37187.
The severity of CVE-2021-37187 is medium with a severity value of 6.5.
Digi Transport Dr64 Firmware up to version 5.2.4.9 and Digi Transport Wr41 Firmware between version 5.0.0.0 and 5.2.4.6 are affected.
An authenticated attacker can read a password file from the device, allowing decoding of other users' passwords.
You can find more information about CVE-2021-37187 at the following references: [link1] [link2]