An issue exists in Digi TransPort DR64, SR44 VC74, and WR. The ZING protocol allows arbitrary remote command execution with SUPER privileges. This allows an attacker (with knowledge of the protocol) to execute arbitrary code on the controller including overwriting firmware, adding/removing users, disabling the internal firewall, etc.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
digi transport_dr64_firmware |
||
digi transport_sr44_firmware |
||
digi transport_vc74_firmware |
||
digi transport_wr11_firmware |
||
digi transport_wr11_xt_firmware |
||
digi transport_wr21_firmware |
||
digi transport_wr31_firmware |
||
digi transport_wr41_firmware |
||
digi transport_wr44_firmware |