This page lists publicly disclosed CVE vulnerabilities affecting digi cm_firmware (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.

| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2023-4299 | Digi RealPort Protocol is vulnerable to a replay attack that may allow an attacker to bypass authentication to access connected equipment. | [email protected] | 9.0 | 0.55% | 2023-08-31 | 2024-11-21 |
| CVE-2021-36767 | In Digi RealPort through 4.10.490, authentication relies on a challenge-response mechanism that gives access to the server password, making the protection ineffective. An attacker may send an unauthenticated request to the server. The server will reply with a weakly-hashed version of the server's access password. The attacker may then crack this hash offline in order to successfully login to the server. | [email protected] | 9.8 | 0.66% | 2021-10-08 | 2024-11-21 |
| CVE-2021-35979 | An issue was discovered in Digi RealPort through 4.8.488.0. The 'encrypted' mode is vulnerable to man-in-the-middle attacks and does not perform authentication. | [email protected] | 8.1 | 0.86% | 2021-10-08 | 2024-11-21 |
| CVE-2021-35977 | An issue was discovered in Digi RealPort for Windows through 4.8.488.0. A buffer overflow exists in the handling of ADDP discovery response messages. This could result in arbitrary code execution. | [email protected] | 9.8 | 1.53% | 2021-10-08 | 2024-11-21 |