An issue was discovered on Digi TransPort devices through 2021-07-21. An authenticated attacker may load customized firmware (because the bootloader does not verify that it is authentic), changing the behavior of the gateway.
2021-12-10T13:15:07.710
2024-11-21T06:14:49.460
Modified
CVSSv3.1: 8.8 (HIGH)
AV:N/AC:L/Au:S/C:P/I:P/A:P
8.0
6.4
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | digi | transport_dr64_firmware | ≤ 5.2.4.9 | Yes |
| Hardware | digi | transport_dr64 | - | No |
| Operating System | digi | transport_dr64_firmware | - | Yes |
| Hardware | digi | transport_sr44 | - | No |
| Operating System | digi | transport_vc74_firmware | ≤ 5.2.4.9 | Yes |
| Hardware | digi | transport_vc74 | - | No |
| Operating System | digi | transport_wr11_firmware | ≤ 8.2.1.3 | Yes |
| Hardware | digi | transport_wr11 | - | No |
| Operating System | digi | transport_wr11_xt_firmware | ≤ 8.2.1.3 | Yes |
| Hardware | digi | transport_wr11_xt | - | No |
| Operating System | digi | transport_wr21_firmware | ≤ 8.2.1.3 | Yes |
| Hardware | digi | transport_wr21 | - | No |
| Operating System | digi | transport_wr31_firmware | ≤ 8.2.1.3 | Yes |
| Hardware | digi | transport_wr31 | - | No |
| Operating System | digi | transport_wr41_firmware | ≤ 5.2.4.6 | Yes |
| Operating System | digi | transport_wr41_firmware | ≤ 6.1.3.5 | Yes |
| Operating System | digi | transport_wr41_firmware | ≤ 8.3.1.2 | Yes |
| Hardware | digi | transport_wr41 | - | No |
| Operating System | digi | transport_wr44_firmware | ≤ 8.3.1.2 | Yes |
| Hardware | digi | transport_wr44 | v2 | No |