First published: Fri Dec 10 2021(Updated: )
An issue was discovered on Digi TransPort devices through 2021-07-21. An authenticated attacker may load customized firmware (because the bootloader does not verify that it is authentic), changing the behavior of the gateway.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Digi Transport Dr64 Firmware | <=5.2.4.9 | |
Digi TransPort DR64 | ||
Digi Transport Dr64 Firmware | ||
Digi Transport Sr44 | ||
Digi Transport Vc74 Firmware | <=5.2.4.9 | |
Digi Transport Vc74 | ||
Digi Transport Wr11 Firmware | <=8.2.1.3 | |
Digi Transport Wr11 | ||
Digi Transport Wr11 Xt Firmware | <=8.2.1.3 | |
Digi Transport Wr11 Xt | ||
Digi Transport Wr21 Firmware | <=8.2.1.3 | |
Digi TransPort WR21 | ||
Digi Transport Wr31 Firmware | <=8.2.1.3 | |
Digi Transport Wr31 | ||
Digi Transport Wr41 Firmware | >=5.0.0.0<=5.2.4.6 | |
Digi Transport Wr41 Firmware | >=6.0.0.0<=6.1.3.5 | |
Digi Transport Wr41 Firmware | >=8.0.0.0<=8.3.1.2 | |
Digi Transport Wr41 | ||
Digi Transport Wr44 Firmware | <=8.3.1.2 | |
Digi Transport Wr44 | =v2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-37188 is a vulnerability discovered on Digi TransPort devices that allows an authenticated attacker to load customized firmware and change the behavior of the gateway.
CVE-2021-37188 affects Digi TransPort devices through 2021-07-21 by allowing an authenticated attacker to load customized firmware and change the behavior of the gateway.
CVE-2021-37188 has a severity value of 8.8, indicating a high severity.
Digi TransPort devices with Digi Transport Dr64 Firmware version up to 5.2.4.9 and Digi Transport Wr41 Firmware versions between 5.0.0.0 and 5.2.4.6, 6.0.0.0 and 6.1.3.5, or 8.0.0.0 and 8.3.1.2 are affected by CVE-2021-37188.
To fix CVE-2021-37188, it is recommended to update the firmware of your Digi TransPort device to a version that resolves the vulnerability.