CVE-2021-37187

MEDIUM

Digi Transport Dr64 Firmware - Insufficiently Protected Credentials

Title source: rule

Description

An issue was discovered on Digi TransPort devices through 2021-07-21. An authenticated attacker may read a password file (with reversible passwords) from the device, which allows decoding of other users' passwords.

References (2)

[Third Party Advisory] https://raw.githubusercontent.com/reidmefirst/vuln-disclosure/main/2021-04.txt

[Vendor Advisory] https://www.digi.com/search/results?q=transport

Scores

CVSS v3 6.5

EPSS 0.0031

EPSS Percentile 53.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-522

Status published

Affected Products (9)

digi/transport_dr64_firmware < 5.2.4.9

digi/transport_dr64_firmware

digi/transport_vc74_firmware < 5.2.4.9

digi/transport_wr11_firmware < 8.2.1.3

digi/transport_wr11_xt_firmware < 8.2.1.3

digi/transport_wr21_firmware < 8.2.1.3

digi/transport_wr31_firmware < 8.2.1.3

digi/transport_wr41_firmware < 5.2.4.6

digi/transport_wr44_firmware < 8.3.1.2

Timeline

Published Dec 10, 2021

Tracked Since Feb 18, 2026