CVE-2021-36767 - OpenCVE

In Digi RealPort through 4.10.490, authentication relies on a challenge-response mechanism that gives access to the server password, making the protection ineffective. An attacker may send an unauthenticated request to the server. The server will reply with a weakly-hashed version of the server's access password. The attacker may then crack this hash offline in order to successfully login to the server.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Digi	Connect Es Firmware One Ia Firmware Passport Integrated Console Server Firmware Connectport Lts 8\/16\/32 Firmware Wr44 R Firmware Realport 6350-sr Firmware Portserver Ts Mei Hardened Firmware Wr44 R Portserver Ts Mei Hardened Portserver Ts P Mei Firmware Cm Connectport Ts 8\/16 Firmware Passport Integrated Console Server Cm Firmware One Iap Haz Firmware Wr21 Connect Es One Ia 6350-sr Connectport Ts 8\/16 Portserver Ts Transport Wr11 Xt Portserver Ts M Mei One Iap Haz One Iap Firmware Portserver Ts Mei Firmware Portserver Ts Firmware Wr31 Wr21 Firmware Transport Wr11 Xt Firmware Portserver Ts P Mei Connectport Lts 8\/16\/32 Portserver Ts Mei Wr31 Firmware One Iap Portserver Ts M Mei Firmware

Configuration 1 [-]

OR	cpe:2.3:a:digi:realport::::::linux::*
	cpe:2.3:a:digi:realport::::::windows::*

Configuration 2 [-]

AND

cpe:2.3:o:digi:connectport_ts_8\/16_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:digi:connectport_ts_8\/16:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:digi:connectport_lts_8\/16\/32_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:digi:connectport_lts_8\/16\/32:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:digi:passport_integrated_console_server_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:digi:passport_integrated_console_server:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:digi:cm_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:digi:cm:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:digi:portserver_ts_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:digi:portserver_ts:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:digi:portserver_ts_mei_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:digi:portserver_ts_mei:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:digi:portserver_ts_mei_hardened_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:digi:portserver_ts_mei_hardened:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:digi:portserver_ts_m_mei_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:digi:portserver_ts_m_mei:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:digi:6350-sr_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:digi:6350-sr:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:digi:portserver_ts_p_mei_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:digi:portserver_ts_p_mei:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:digi:transport_wr11_xt_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:digi:transport_wr11_xt:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:digi:one_ia_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:digi:one_ia:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:digi:wr31_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:digi:wr31:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:digi:wr44_r_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:digi:wr44_r:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:digi:connect_es_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:digi:connect_es:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:digi:wr21_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:digi:wr21:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:digi:one_iap_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:digi:one_iap:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:digi:one_iap_haz_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:digi:one_iap_haz:-:*:*:*:*:*:*:*

References

Link	Resource
https://raw.githubusercontent.com/reidmefirst/vuln-disclosure/main/2021-02.txt	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2021-10-08T14:22:57

Updated: 2022-01-01T00:30:16

Reserved: 2021-07-16T00:00:00

Link: CVE-2021-36767

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-10-08T15:15:09.037

Modified: 2023-09-25T02:30:08.853

Link: CVE-2021-36767

JSON object: View

Redhat Information

No data.

CWE

CWE-916