📦

cm

Vendor: digi

Actively Exploited 0 CISA KEV List

PoC / Exploits 0 Code Available

Total RCEs 0 Remote Access

Total CVEs 4 Total Indexed

Avg. EPSS 0.39% Exploit Prob.

Latest CVE CVE-2023-4299 Aug 31

Security Vulnerability Index

Page 1 / 1

9.0 CVSS

CVE-2023-4299

Digi RealPort Protocol is vulnerable to a replay attack that may allow an attacker to bypass authentication to access connected equipment.

EPSS: 0.02%

Severity: CRITICAL

Aug 31, 2023

9.8 CVSS

CVE-2021-36767

In Digi RealPort through 4.10.490, authentication relies on a challenge-response mechanism that gives access to the server password, making the protection ineffective. An attacker may send an unauthenticated request to the server. The server will reply with a weakly-hashed version of the server's access password. The attacker may then crack this hash offline in order to successfully login to the server.

EPSS: 0.36%

Severity: CRITICAL

Oct 08, 2021

8.1 CVSS

CVE-2021-35979

An issue was discovered in Digi RealPort through 4.8.488.0. The 'encrypted' mode is vulnerable to man-in-the-middle attacks and does not perform authentication.

EPSS: 0.29%

Severity: HIGH

Oct 08, 2021

9.8 CVSS

CVE-2021-35977

An issue was discovered in Digi RealPort for Windows through 4.8.488.0. A buffer overflow exists in the handling of ADDP discovery response messages. This could result in arbitrary code execution.

EPSS: 1.03%

Severity: CRITICAL

Oct 08, 2021

7.5 CVSS

CVE-2018-13714

The mintToken function of a smart contract implementation for CM, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

EPSS: 0.24%

Severity: HIGH

Jul 09, 2018

Displaying 5 of 4 Total Entries

Total 1 Sections