Note:
This project will be discontinued after December 13, 2021. [more]
Product:
One_iap_haz_firmware
(Digi)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 1 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-10-08 | CVE-2021-36767 | In Digi RealPort through 4.10.490, authentication relies on a challenge-response mechanism that gives access to the server password, making the protection ineffective. An attacker may send an unauthenticated request to the server. The server will reply with a weakly-hashed version of the server's access password. The attacker may then crack this hash offline in order to successfully login to the server. | 6350\-Sr_firmware, Cm_firmware, Connect_es_firmware, Connectport_lts_8\/16\/32_firmware, Connectport_ts_8\/16_firmware, One_ia_firmware, One_iap_firmware, One_iap_haz_firmware, Passport_integrated_console_server_firmware, Portserver_ts_firmware, Portserver_ts_m_mei_firmware, Portserver_ts_mei_firmware, Portserver_ts_mei_hardened_firmware, Portserver_ts_p_mei_firmware, Realport, Transport_wr11_xt_firmware, Wr21_firmware, Wr31_firmware, Wr44_r_firmware | 9.8 |