1. Home
  2. CVE Database
  3. CVE-2021-35978
CRITICAL · 9.8

CVE-2021-35978

An issue was discovered in Digi TransPort DR64, SR44 VC74, and WR. The ZING protocol allows arbitrary remote command execution with SUPER privileges. This allows an attacker (with knowledge of the pro...

Vulnerability Description

An issue was discovered in Digi TransPort DR64, SR44 VC74, and WR. The ZING protocol allows arbitrary remote command execution with SUPER privileges. This allows an attacker (with knowledge of the protocol) to execute arbitrary code on the controller including overwriting firmware, adding/removing users, disabling the internal firewall, etc.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
DigiTransport Dr64 Firmware<= 5.2.4.9
DigiTransport Dr64-
DigiTransport Sr44 FirmwareAll versions
DigiTransport Sr44-
DigiTransport Vc74 Firmware<= 5.2.4.9
DigiTransport Vc74-
DigiTransport Wr11 Firmware<= 8.2.1.3
DigiTransport Wr11-
DigiTransport Wr11 Xt Firmware<= 8.2.1.3
DigiTransport Wr11 Xt-
DigiTransport Wr21 Firmware<= 8.2.1.3
DigiTransport Wr21-
DigiTransport Wr31 Firmware<= 8.2.1.3
DigiTransport Wr31-
DigiTransport Wr41 Firmware>= 5.0.0.0, <= 5.2.4.6
DigiTransport Wr41-
DigiTransport Wr44 Firmware<= 8.3.1.2
DigiTransport Wr44v2

Related Weaknesses (CWE)

CWE-77

References

FAQ

What is CVE-2021-35978?

CVE-2021-35978 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An issue was discovered in Digi TransPort DR64, SR44 VC74, and WR. The ZING protocol allows arbitrary remote command execution with SUPER privileges. This allows an attacker (with knowledge of the pro...

How severe is CVE-2021-35978?

CVE-2021-35978 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2021-35978?

Check the references section above for vendor advisories and patch information. Affected products include: Digi Transport Dr64 Firmware, Digi Transport Dr64, Digi Transport Sr44 Firmware, Digi Transport Sr44, Digi Transport Vc74 Firmware.