GCVE - cpe:2.3:h:digi:portserver_ts_p_mei:-:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:h:digi:portserver_ts_p_mei:-:*:*:*:*:*:*:*

part: h version: - update: *

Vendor	Digi (`06e695c7-8864-5e4e-a0e0-7109e4ba48e8`)
Product	Portserver Ts P Mei (`8a169b37-153a-55f2-96d0-5f9aa7bfa161`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2023-4299`	not_vulnerable	2026-06-03 14:53:27.778440	Digi RealPort Protocol Use of Password Hash Instead of Password for Authentication CRITICAL (9) Digi RealPort Protocol is vulnerable to a replay attack that may allow an attacker to bypass authentication to access connected equipment. Published: 2023-08-31T20:45:43.866Z Updated: 2025-01-16T21:30:37.810Z Open on db.gcve.eu Reference links https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-04 https://www.digi.com/getattachment/resources/security/alerts/realport-cves/Dragos-Disclosure-Statement.pdf	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-36767`	not_vulnerable	2026-06-03 14:44:59.131435	Details available In Digi RealPort through 4.10.490, authentication relies on a challenge-response mechanism that gives access to the server password, making the protection ineffective. An attacker may send an unauthenticated request to the server. The server will reply with a weakly-hashed version of the server's access password. The attacker may then crack this hash offline in order to successfully login to the server. Published: 2021-10-08T14:22:57.000Z Updated: 2024-08-04T01:01:59.227Z Open on db.gcve.eu Reference links https://raw.githubusercontent.com/reidmefirst/vuln-disclosure/main/2021-02.txt	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-35979`	not_vulnerable	2026-06-03 14:44:57.012427	Details available An issue was discovered in Digi RealPort through 4.8.488.0. The 'encrypted' mode is vulnerable to man-in-the-middle attacks and does not perform authentication. Published: 2021-10-08T14:21:22.000Z Updated: 2024-08-04T00:47:42.592Z Open on db.gcve.eu Reference links https://raw.githubusercontent.com/reidmefirst/vuln-disclosure/main/2021-02.txt	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-35977`	not_vulnerable	2026-06-03 14:44:56.986020	Details available An issue was discovered in Digi RealPort for Windows through 4.8.488.0. A buffer overflow exists in the handling of ADDP discovery response messages. This could result in arbitrary code execution. Published: 2021-10-08T14:19:04.000Z Updated: 2024-08-04T00:47:43.502Z Open on db.gcve.eu Reference links https://raw.githubusercontent.com/reidmefirst/vuln-disclosure/main/2021-02.txt	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.