U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:digi:portserver_ts_mei_hardened_firmware:-:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 4 matching records.
Displaying matches 1 through 4.
Vuln ID Summary CVSS Severity
CVE-2023-4299

Digi RealPort Protocol is vulnerable to a replay attack that may allow an attacker to bypass authentication to access connected equipment.

Published: August 31, 2023; 5:15:09 PM -0400
V3.1: 8.1 HIGH
V2.0:(not available)
CVE-2021-36767

In Digi RealPort through 4.10.490, authentication relies on a challenge-response mechanism that gives access to the server password, making the protection ineffective. An attacker may send an unauthenticated request to the server. The server will reply with a weakly-hashed version of the server's access password. The attacker may then crack this hash offline in order to successfully login to the server.

Published: October 08, 2021; 11:15:09 AM -0400
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2021-35979

An issue was discovered in Digi RealPort through 4.8.488.0. The 'encrypted' mode is vulnerable to man-in-the-middle attacks and does not perform authentication.

Published: October 08, 2021; 11:15:08 AM -0400
V3.1: 8.1 HIGH
V2.0: 6.8 MEDIUM
CVE-2021-35977

An issue was discovered in Digi RealPort for Windows through 4.8.488.0. A buffer overflow exists in the handling of ADDP discovery response messages. This could result in arbitrary code execution.

Published: October 08, 2021; 11:15:08 AM -0400
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH