📦

one_iap_haz

Vendor: digi

Actively Exploited 0 CISA KEV List

PoC / Exploits 0 Code Available

Total RCEs 0 Remote Access

Total CVEs 1 Total Indexed

Avg. EPSS 0.36% Exploit Prob.

Latest CVE CVE-2021-36767 Oct 08

Security Vulnerability Index

Page 1 / 1

9.8 CVSS

CVE-2021-36767

In Digi RealPort through 4.10.490, authentication relies on a challenge-response mechanism that gives access to the server password, making the protection ineffective. An attacker may send an unauthenticated request to the server. The server will reply with a weakly-hashed version of the server's access password. The attacker may then crack this hash offline in order to successfully login to the server.

EPSS: 0.36%

Severity: CRITICAL

Oct 08, 2021

Displaying 1 of 1 Total Entries

Total 1 Sections