Total
3 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-35979 | 1 Digi | 37 6350-sr, 6350-sr Firmware, Cm and 34 more | 2022-07-12 | 6.8 MEDIUM | 8.1 HIGH |
An issue was discovered in Digi RealPort through 4.8.488.0. The 'encrypted' mode is vulnerable to man-in-the-middle attacks and does not perform authentication. | |||||
CVE-2021-36767 | 1 Digi | 45 6350-sr, 6350-sr Firmware, Cm and 42 more | 2022-04-29 | 7.5 HIGH | 9.8 CRITICAL |
In Digi RealPort through 4.10.490, authentication relies on a challenge-response mechanism that gives access to the server password, making the protection ineffective. An attacker may send an unauthenticated request to the server. The server will reply with a weakly-hashed version of the server's access password. The attacker may then crack this hash offline in order to successfully login to the server. | |||||
CVE-2021-35977 | 1 Digi | 37 6350-sr, 6350-sr Firmware, Cm and 34 more | 2021-10-15 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Digi RealPort for Windows through 4.8.488.0. A buffer overflow exists in the handling of ADDP discovery response messages. This could result in arbitrary code execution. |