CVE-2021-37188

An issue was discovered on Digi TransPort devices through 2021-07-21. An authenticated attacker may load customized firmware (because the bootloader does not verify that it is authentic), changing the behavior of the gateway.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:digi:transport_dr64_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:digi:transport_dr64:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:digi:transport_dr64_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:digi:transport_sr44:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:digi:transport_vc74_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:digi:transport_vc74:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:digi:transport_wr11_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:digi:transport_wr11:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:digi:transport_wr11_xt_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:digi:transport_wr11_xt:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:digi:transport_wr21_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:digi:transport_wr21:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:digi:transport_wr31_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:digi:transport_wr31:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
OR cpe:2.3:o:digi:transport_wr41_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:digi:transport_wr41_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:digi:transport_wr41_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:digi:transport_wr41:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:digi:transport_wr44_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:digi:transport_wr44:v2:*:*:*:*:*:*:*

History

No history.

Information

Published : 2021-12-10 13:15

Updated : 2024-02-28 18:48


NVD link : CVE-2021-37188

Mitre link : CVE-2021-37188

CVE.ORG link : CVE-2021-37188


JSON object : View

Products Affected

digi

  • transport_wr44
  • transport_wr41
  • transport_wr21_firmware
  • transport_dr64_firmware
  • transport_wr11_xt
  • transport_wr11_xt_firmware
  • transport_wr41_firmware
  • transport_wr31
  • transport_wr11
  • transport_vc74_firmware
  • transport_wr21
  • transport_wr31_firmware
  • transport_wr44_firmware
  • transport_vc74
  • transport_wr11_firmware
  • transport_sr44
  • transport_dr64
CWE
CWE-345

Insufficient Verification of Data Authenticity