What is CVE-2021-37188?

CVE-2021-37188 is a vulnerability discovered on Digi TransPort devices that allows an authenticated attacker to load customized firmware and change the behavior of the gateway.

How does CVE-2021-37188 affect Digi TransPort devices?

CVE-2021-37188 affects Digi TransPort devices through 2021-07-21 by allowing an authenticated attacker to load customized firmware and change the behavior of the gateway.

What is the severity of CVE-2021-37188?

CVE-2021-37188 has a severity value of 8.8, indicating a high severity.

Which versions of Digi TransPort devices are affected by CVE-2021-37188?

Digi TransPort devices with Digi Transport Dr64 Firmware version up to 5.2.4.9 and Digi Transport Wr41 Firmware versions between 5.0.0.0 and 5.2.4.6, 6.0.0.0 and 6.1.3.5, or 8.0.0.0 and 8.3.1.2 are affected by CVE-2021-37188.

How can I fix CVE-2021-37188 on my Digi TransPort device?

To fix CVE-2021-37188, it is recommended to update the firmware of your Digi TransPort device to a version that resolves the vulnerability.

Vulnerability/
CVE-2021-37188

high

8.8

CWE

345

10/12/2021

4/8/2024

CVE-2021-37188

First published: Fri Dec 10 2021(Updated: )

An issue was discovered on Digi TransPort devices through 2021-07-21. An authenticated attacker may load customized firmware (because the bootloader does not verify that it is authentic), changing the behavior of the gateway.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Digi Transport	<=5.2.4.9
Digi Transport Dr64 Firmware
Digi Transport
Digi Transport
Digi Transport	<=5.2.4.9
Digi Transport
Digi Transport WR11 Firmware	<=8.2.1.3
Digi Transport
Digi Transport Wr11 Firmware	<=8.2.1.3
Digi Transport
Digi WR21	<=8.2.1.3
Digi WR21
Digi WR31 Firmware	<=8.2.1.3
Digi Transport
Digi Transport	>=5.0.0.0<=5.2.4.6
Digi Transport	>=6.0.0.0<=6.1.3.5
Digi Transport	>=8.0.0.0<=8.3.1.2
Digi Transport
Digi WR44 R	<=8.3.1.2
Digi Transport	=v2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2021-37188?
CVE-2021-37188 is a vulnerability discovered on Digi TransPort devices that allows an authenticated attacker to load customized firmware and change the behavior of the gateway.
How does CVE-2021-37188 affect Digi TransPort devices?
CVE-2021-37188 affects Digi TransPort devices through 2021-07-21 by allowing an authenticated attacker to load customized firmware and change the behavior of the gateway.
What is the severity of CVE-2021-37188?
CVE-2021-37188 has a severity value of 8.8, indicating a high severity.
Which versions of Digi TransPort devices are affected by CVE-2021-37188?
Digi TransPort devices with Digi Transport Dr64 Firmware version up to 5.2.4.9 and Digi Transport Wr41 Firmware versions between 5.0.0.0 and 5.2.4.6, 6.0.0.0 and 6.1.3.5, or 8.0.0.0 and 8.3.1.2 are affected by CVE-2021-37188.
How can I fix CVE-2021-37188 on my Digi TransPort device?
To fix CVE-2021-37188, it is recommended to update the firmware of your Digi TransPort device to a version that resolves the vulnerability.

agent/references
agent/type
collector/mitre-cve
source/MITRE
agent/weakness
agent/severity
agent/author
agent/last-modified-date
agent/first-publish-date
agent/event
agent/description
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/digi
canonical/digi transport
version/digi transport/5.2.4.9
canonical/digi transport dr64 firmware
canonical/digi transport wr11 firmware
version/digi transport wr11 firmware/8.2.1.3
canonical/digi wr21
version/digi wr21/8.2.1.3
canonical/digi wr31 firmware
version/digi wr31 firmware/8.2.1.3
version/digi transport/5.0.0.0
version/digi transport/5.2.4.6
version/digi transport/6.0.0.0
version/digi transport/6.1.3.5
version/digi transport/8.0.0.0
version/digi transport/8.3.1.2
canonical/digi wr44 r
version/digi wr44 r/8.3.1.2
version/digi transport/v2