Description
Properly formatted POST requests to multiple resources on the HTTP and HTTPS web servers of the Digi PortServer TS 16 Rack device do not require authentication or authentication tokens. This vulnerability could allow an attacker to enable the SNMP service and manipulate the community strings to achieve further control in.
References (1)
Core 1
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://us-cert.cisa.gov/ics/advisories/icsa-21-257-01
Scores
CVSS v3
9.6
EPSS
0.0126
EPSS Percentile
65.8%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
Details
CWE
CWE-287
CWE-306
Status
published
Products (2)
digi/portserver_ts_16_firmware
82000684
digi/portserver_ts_16_firmware
82000685
Published
Sep 17, 2021
Tracked Since
Feb 18, 2026