CVE-2021-37188

An issue was discovered on Digi TransPort devices through 2021-07-21. An authenticated attacker may load customized firmware (because the bootloader does not verify that it is authentic), changing the behavior of the gateway.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 48%
VendorProductVersion
digitransport_dr64_firmware
𝑥
≤ 5.2.4.9
digitransport_dr64_firmware
-
digitransport_vc74_firmware
𝑥
≤ 5.2.4.9
digitransport_wr11_firmware
𝑥
≤ 8.2.1.3
digitransport_wr11_xt_firmware
𝑥
≤ 8.2.1.3
digitransport_wr21_firmware
𝑥
≤ 8.2.1.3
digitransport_wr31_firmware
𝑥
≤ 8.2.1.3
digitransport_wr41_firmware
5.0.0.0 ≤
𝑥
≤ 5.2.4.6
digitransport_wr41_firmware
6.0.0.0 ≤
𝑥
≤ 6.1.3.5
digitransport_wr41_firmware
8.0.0.0 ≤
𝑥
≤ 8.3.1.2
digitransport_wr44_firmware
𝑥
≤ 8.3.1.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://raw.githubusercontent.com/reidmefirst/vuln-disclosure/main/2021-04.txt
https://www.digi.com/search/results?q=transport
https://raw.githubusercontent.com/reidmefirst/vuln-disclosure/main/2021-04.txt
https://www.digi.com/search/results?q=transport