📦

connectport_lts_8\/16\/32

Vendor: digi

Actively Exploited 0 CISA KEV List

PoC / Exploits 0 Code Available

Total RCEs 0 Remote Access

Total CVEs 4 Total Indexed

Avg. EPSS 0.42% Exploit Prob.

Latest CVE CVE-2023-4299 Aug 31

Security Vulnerability Index

Page 1 / 1

9.0 CVSS

CVE-2023-4299

Digi RealPort Protocol is vulnerable to a replay attack that may allow an attacker to bypass authentication to access connected equipment.

EPSS: 0.02%

Severity: CRITICAL

Aug 31, 2023

9.8 CVSS

CVE-2021-36767

In Digi RealPort through 4.10.490, authentication relies on a challenge-response mechanism that gives access to the server password, making the protection ineffective. An attacker may send an unauthenticated request to the server. The server will reply with a weakly-hashed version of the server's access password. The attacker may then crack this hash offline in order to successfully login to the server.

EPSS: 0.36%

Severity: CRITICAL

Oct 08, 2021

8.1 CVSS

CVE-2021-35979

An issue was discovered in Digi RealPort through 4.8.488.0. The 'encrypted' mode is vulnerable to man-in-the-middle attacks and does not perform authentication.

EPSS: 0.29%

Severity: HIGH

Oct 08, 2021

9.8 CVSS

CVE-2021-35977

An issue was discovered in Digi RealPort for Windows through 4.8.488.0. A buffer overflow exists in the handling of ADDP discovery response messages. This could result in arbitrary code execution.

EPSS: 1.03%

Severity: CRITICAL

Oct 08, 2021

Displaying 4 of 4 Total Entries

Total 1 Sections