PT-2021-21345 · Digi · Digi Realport

Published: 2021-10-08 · Updated: 2023-09-25 · CVE-2021-36767

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Digi RealPort versions 4.8.488.0 through 4.10.490

Description: The authentication mechanism in Digi RealPort relies on a challenge-response system that exposes the server password, rendering the protection ineffective. An attacker can send an unauthenticated request to the server, which responds with a weakly hashed version of the server's access password. This hash can then be cracked offline, allowing the attacker to log in to the server successfully.

Recommendations: For versions 4.8.488.0 through 4.10.490, consider disabling the challenge-response authentication mechanism until a patch is available. Restrict network access to the server to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

CVE-2021-36767

Affected Products

Digi Realport