CVE-2021-37187 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.5 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 53%

Vendor	Product	Version
digi	transport_dr64_firmware	𝑥 ≤ 5.2.4.9
digi	transport_dr64_firmware	-
digi	transport_vc74_firmware	𝑥 ≤ 5.2.4.9
digi	transport_wr11_firmware	𝑥 ≤ 8.2.1.3
digi	transport_wr11_xt_firmware	𝑥 ≤ 8.2.1.3
digi	transport_wr21_firmware	𝑥 ≤ 8.2.1.3
digi	transport_wr31_firmware	𝑥 ≤ 8.2.1.3
digi	transport_wr41_firmware	5.0.0.0 ≤ 𝑥 ≤ 5.2.4.6
digi	transport_wr41_firmware	6.0.0.0 ≤ 𝑥 ≤ 6.1.3.5
digi	transport_wr41_firmware	8.0.0.0 ≤ 𝑥 ≤ 8.3.1.2
digi	transport_wr44_firmware	𝑥 ≤ 8.3.1.2

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-522 - Insufficiently Protected Credentials
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References

https://raw.githubusercontent.com/reidmefirst/vuln-disclosure/main/2021-04.txt

https://www.digi.com/search/results?q=transport

https://raw.githubusercontent.com/reidmefirst/vuln-disclosure/main/2021-04.txt

https://www.digi.com/search/results?q=transport