📦

one_iap

Vendor: digi

Actively Exploited 0 CISA KEV List

PoC / Exploits 0 Code Available

Total RCEs 0 Remote Access

Total CVEs 2 Total Indexed

Avg. EPSS 0.19% Exploit Prob.

Latest CVE CVE-2023-4299 Aug 31

Security Vulnerability Index

Page 1 / 1

9.0 CVSS

CVE-2023-4299

Digi RealPort Protocol is vulnerable to a replay attack that may allow an attacker to bypass authentication to access connected equipment.

EPSS: 0.02%

Severity: CRITICAL

Aug 31, 2023

9.8 CVSS

CVE-2021-36767

In Digi RealPort through 4.10.490, authentication relies on a challenge-response mechanism that gives access to the server password, making the protection ineffective. An attacker may send an unauthenticated request to the server. The server will reply with a weakly-hashed version of the server's access password. The attacker may then crack this hash offline in order to successfully login to the server.

EPSS: 0.36%

Severity: CRITICAL

Oct 08, 2021

Displaying 2 of 2 Total Entries

Total 1 Sections