CVE-2021-37188
moderate-risk
Published 2021-12-10
An issue was discovered on Digi TransPort devices through 2021-07-21. An authenticated attacker may load customized firmware (because the bootloader does not verify that it is authentic), changing the behavior of the gateway.
Do I need to act?
0.26% chance of exploitation
EPSS score — low exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 8.8/10
High
NETWORK / LOW complexity
Affected Products (9)
Transport Dr64 Firmware
Transport Dr64 Firmware
Transport Vc74 Firmware
Transport Wr11 Firmware
Transport Wr11 Xt Firmware
Transport Wr21 Firmware
Transport Wr31 Firmware
Transport Wr41 Firmware
Transport Wr44 Firmware
Affected Vendors
References (2)
Third Party Advisory
https://raw.githubusercontent.com/reidmefirst/vuln-disclosure/main/2021-04.txt
Vendor Advisory
https://www.digi.com/search/results?q=transport
46 / 100
moderate-risk
Severity
30/34 · Critical
Exploitability
1/34 · Minimal
Exposure
15/34 · Moderate