CVE-2021-35978

Name of the Vulnerable Software and Affected Versions: Digi TransPort DR64 (affected versions not specified) Digi TransPort SR44 VC74 (affected versions not specified) Digi TransPort WR (affected versions not specified)

Description: An issue was discovered in the ZING protocol, allowing arbitrary remote command execution with SUPER privileges. This enables an attacker, with knowledge of the protocol, to execute arbitrary code on the controller, including overwriting firmware, adding or removing users, and disabling the internal firewall.

Recommendations: For Digi TransPort DR64, consider disabling the ZING protocol until a patch is available. For Digi TransPort SR44 VC74, restrict access to the controller to minimize the risk of exploitation. For Digi TransPort WR, avoid using the ZING protocol for remote command execution until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.