📦

transport_vc74

Vendor: digi

Actively Exploited 0 CISA KEV List

PoC / Exploits 0 Code Available

Total RCEs 1 Remote Access

Total CVEs 3 Total Indexed

Avg. EPSS 2.88% Exploit Prob.

Latest CVE CVE-2021-37188 Dec 10

Security Vulnerability Index

Page 1 / 1

8.8 CVSS

CVE-2021-37188

An issue was discovered on Digi TransPort devices through 2021-07-21. An authenticated attacker may load customized firmware (because the bootloader does not verify that it is authentic), changing the behavior of the gateway.

EPSS: 0.26%

Severity: HIGH

Dec 10, 2021

6.5 CVSS

CVE-2021-37187

An issue was discovered on Digi TransPort devices through 2021-07-21. An authenticated attacker may read a password file (with reversible passwords) from the device, which allows decoding of other users' passwords.

EPSS: 0.31%

Severity: MEDIUM

Dec 10, 2021

9.8 CVSS

CVE-2021-35978

RCE

An issue was discovered in Digi TransPort DR64, SR44 VC74, and WR. The ZING protocol allows arbitrary remote command execution with SUPER privileges. This allows an attacker (with knowledge of the protocol) to execute arbitrary code on the controller including overwriting firmware, adding/removing users, disabling the internal firewall, etc.

EPSS: 8.07%

Severity: CRITICAL

Dec 10, 2021

Displaying 3 of 3 Total Entries

Total 1 Sections