Cm_firmware - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Cm_firmware
(Digi)

Repositories	Unknown: This might be proprietary software.
#Vulnerabilities	4

Date	Id	Summary	Products	Score	Patch	Annotated
2021-10-08	CVE-2021-36767	In Digi RealPort through 4.10.490, authentication relies on a challenge-response mechanism that gives access to the server password, making the protection ineffective. An attacker may send an unauthenticated request to the server. The server will reply with a weakly-hashed version of the server's access password. The attacker may then crack this hash offline in order to successfully login to the server.	6350\-Sr_firmware, Cm_firmware, Connect_es_firmware, Connectport_lts_8\/16\/32_firmware, Connectport_ts_8\/16_firmware, One_ia_firmware, One_iap_firmware, One_iap_haz_firmware, Passport_integrated_console_server_firmware, Portserver_ts_firmware, Portserver_ts_m_mei_firmware, Portserver_ts_mei_firmware, Portserver_ts_mei_hardened_firmware, Portserver_ts_p_mei_firmware, Realport, Transport_wr11_xt_firmware, Wr21_firmware, Wr31_firmware, Wr44_r_firmware	9.8
2023-08-31	CVE-2023-4299	Digi RealPort Protocol is vulnerable to a replay attack that may allow an attacker to bypass authentication to access connected equipment.	Cm_firmware, Connect_es_firmware, Connect_sp_firmware, Connectport_lts_8\/16\/32_firmware, Connectport_ts_8\/16_firmware, One_ia_firmware, One_iap_firmware, One_sp_firmware, One_sp_ia_firmware, Passport_firmware, Portserver_ts_firmware, Portserver_ts_m_mei_firmware, Portserver_ts_mei_firmware, Portserver_ts_mei_hardened_firmware, Portserver_ts_p_mei_firmware, Realport, Transport_wr11_xt_firmware, Wr21_firmware, Wr31_firmware, Wr44_r_firmware	8.1
2021-10-08	CVE-2021-35977	An issue was discovered in Digi RealPort for Windows through 4.8.488.0. A buffer overflow exists in the handling of ADDP discovery response messages. This could result in arbitrary code execution.	6350\-Sr_firmware, Cm_firmware, Connect_es_firmware, Connectport_lts_8\/16\/32_firmware, Connectport_ts_8\/16_firmware, One_ia_firmware, One_iap_family_firmware, Passport_integrated_console_server_firmware, Portserver_ts_firmware, Portserver_ts_m_mei_firmware, Portserver_ts_mei_firmware, Portserver_ts_mei_hardened_firmware, Portserver_ts_p_mei_firmware, Realport, Transport_wr11_xt_firmware, Wr21_firmware, Wr31_firmware, Wr44_r_firmware	9.8
2021-10-08	CVE-2021-35979	An issue was discovered in Digi RealPort through 4.8.488.0. The 'encrypted' mode is vulnerable to man-in-the-middle attacks and does not perform authentication.	6350\-Sr_firmware, Cm_firmware, Connect_es_firmware, Connectport_lts_8\/16\/32_firmware, Connectport_ts_8\/16_firmware, One_ia_firmware, One_iap_family_firmware, Passport_integrated_console_server_firmware, Portserver_ts_firmware, Portserver_ts_m_mei_firmware, Portserver_ts_mei_firmware, Portserver_ts_mei_hardened_firmware, Portserver_ts_p_mei_firmware, Realport, Transport_wr11_xt_firmware, Wr21_firmware, Wr31_firmware, Wr44_r_firmware	8.1