Vulnerabilities (CVE)

Filtered by vendor Digi Subscribe
Filtered by product Cm Firmware
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-4299 1 Digi 39 Cm, Cm Firmware, Connect Es and 36 more 2024-02-28 N/A 8.1 HIGH
Digi RealPort Protocol is vulnerable to a replay attack that may allow an attacker to bypass authentication to access connected equipment.
CVE-2021-35977 1 Digi 35 6350-sr, 6350-sr Firmware, Cm and 32 more 2024-02-28 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Digi RealPort for Windows through 4.8.488.0. A buffer overflow exists in the handling of ADDP discovery response messages. This could result in arbitrary code execution.
CVE-2021-36767 1 Digi 37 6350-sr, 6350-sr Firmware, Cm and 34 more 2024-02-28 7.5 HIGH 9.8 CRITICAL
In Digi RealPort through 4.10.490, authentication relies on a challenge-response mechanism that gives access to the server password, making the protection ineffective. An attacker may send an unauthenticated request to the server. The server will reply with a weakly-hashed version of the server's access password. The attacker may then crack this hash offline in order to successfully login to the server.
CVE-2021-35979 1 Digi 35 6350-sr, 6350-sr Firmware, Cm and 32 more 2024-02-28 6.8 MEDIUM 8.1 HIGH
An issue was discovered in Digi RealPort through 4.8.488.0. The 'encrypted' mode is vulnerable to man-in-the-middle attacks and does not perform authentication.