CVE-2021-37188 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	8.8 HIGH	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 48%

Affected Products (NVD)

Vendor	Product	Version
digi	transport_dr64_firmware	𝑥 ≤ 5.2.4.9
digi	transport_dr64_firmware	-
digi	transport_vc74_firmware	𝑥 ≤ 5.2.4.9
digi	transport_wr11_firmware	𝑥 ≤ 8.2.1.3
digi	transport_wr11_xt_firmware	𝑥 ≤ 8.2.1.3
digi	transport_wr21_firmware	𝑥 ≤ 8.2.1.3
digi	transport_wr31_firmware	𝑥 ≤ 8.2.1.3
digi	transport_wr41_firmware	5.0.0.0 ≤ 𝑥 ≤ 5.2.4.6
digi	transport_wr41_firmware	6.0.0.0 ≤ 𝑥 ≤ 6.1.3.5
digi	transport_wr41_firmware	8.0.0.0 ≤ 𝑥 ≤ 8.3.1.2
digi	transport_wr44_firmware	𝑥 ≤ 8.3.1.2

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-345 - Insufficient Verification of Data Authenticity
The software does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

References

https://raw.githubusercontent.com/reidmefirst/vuln-disclosure/main/2021-04.txt

https://www.digi.com/search/results?q=transport

https://raw.githubusercontent.com/reidmefirst/vuln-disclosure/main/2021-04.txt

https://www.digi.com/search/results?q=transport