CVE-2021-37188
Severity CVSS v4.0:
Pending analysis
Type:
CWE-345
Insufficient Verification of Data Authenticity
Publication date:
10/12/2021
Last modified:
12/07/2022
Description
An issue was discovered on Digi TransPort devices through 2021-07-21. An authenticated attacker may load customized firmware (because the bootloader does not verify that it is authentic), changing the behavior of the gateway.
Impact
Base Score 3.x
8.80
Severity 3.x
HIGH
Base Score 2.0
6.50
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:digi:transport_dr64_firmware:*:*:*:*:*:*:*:* | 5.2.4.9 (including) | |
| cpe:2.3:h:digi:transport_dr64:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:digi:transport_dr64_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:digi:transport_sr44:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:digi:transport_vc74_firmware:*:*:*:*:*:*:*:* | 5.2.4.9 (including) | |
| cpe:2.3:h:digi:transport_vc74:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:digi:transport_wr11_firmware:*:*:*:*:*:*:*:* | 8.2.1.3 (including) | |
| cpe:2.3:h:digi:transport_wr11:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:digi:transport_wr11_xt_firmware:*:*:*:*:*:*:*:* | 8.2.1.3 (including) | |
| cpe:2.3:h:digi:transport_wr11_xt:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:digi:transport_wr21_firmware:*:*:*:*:*:*:*:* | 8.2.1.3 (including) | |
| cpe:2.3:h:digi:transport_wr21:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:digi:transport_wr31_firmware:*:*:*:*:*:*:*:* | 8.2.1.3 (including) | |
| cpe:2.3:h:digi:transport_wr31:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:digi:transport_wr41_firmware:*:*:*:*:*:*:*:* | 5.0.0.0 (including) | 5.2.4.6 (including) |
To consult the complete list of CPE names with products and versions, see this page



