CVE-2021-35977

9.8 CRITICAL

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code on systems running vulnerable versions of Digi RealPort for Windows. The buffer overflow occurs when processing ADDP discovery response messages, potentially giving attackers full system control. Organizations using Digi RealPort for Windows through version 4.8.488.0 are affected.

💻 Affected Systems

Products:
  • Digi RealPort for Windows
Versions: Through 4.8.488.0
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Systems with ADDP discovery enabled are vulnerable. ADDP is typically used for device discovery in serial-over-IP applications.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with administrative privileges, enabling data theft, ransomware deployment, or persistent backdoor installation.

🟠 Likely Case

Remote code execution leading to system takeover, lateral movement within networks, and potential data exfiltration.

🟢 If Mitigated

Limited impact with proper network segmentation and exploit prevention controls, potentially only denial of service.

🌐 Internet-Facing: HIGH - The vulnerability can be exploited remotely without authentication via network-accessible ADDP services.
🏢 Internal Only: HIGH - Even internally, the vulnerability allows unauthenticated attackers to compromise systems on the same network segment.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability requires sending specially crafted ADDP discovery response messages to vulnerable systems.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.8.489.0 and later

Vendor Advisory: https://www.digi.com/resources/security

Restart Required: Yes

Instructions:

1. Download the latest Digi RealPort installer from the Digi website.
2. Uninstall the current version.
3. Install updated version 4.8.489.0 or later.
4. Restart the system.

🔧 Temporary Workarounds

Block ADDP Traffic

Block ADDP protocol traffic (UDP port 2362) at network perimeter and between network segments.

Windows Firewall:

netsh advfirewall firewall add rule name="Block ADDP" dir=in action=block protocol=UDP localport=2362
netsh advfirewall firewall add rule name="Block ADDP Out" dir=out action=block protocol=UDP remoteport=2362

Disable ADDP Discovery

Disable ADDP discovery feature in Digi RealPort configuration if not required.

🧯 If You Can't Patch

  • Segment networks to isolate Digi RealPort systems from untrusted networks
  • Implement strict firewall rules to allow ADDP traffic only from trusted sources

🔍 How to Verify

Check if Vulnerable:

Check Digi RealPort version in Control Panel > Programs and Features. If version is 4.8.488.0 or earlier, system is vulnerable.

Check Version:

wmic product where "name like 'Digi RealPort%'" get version

Verify Fix Applied:

Verify installed version is 4.8.489.0 or later in Control Panel > Programs and Features.
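
An added example (not Digi's or this page's own code) that scripts the check above in PowerShell: it reads the Programs and Features registry entries, compares versions numerically against the fixed build 4.8.489.0, and reports whether the "Block ADDP" rule from the workaround is active. It assumes RealPort registers under the standard uninstall keys with a display name starting "Digi RealPort"; the sample version strings are constructed.

```powershell
# First patched build, per the advisory above.
$FixedVersion = [version]'4.8.489.0'

# Programs and Features is populated from these keys (64-bit and 32-bit views).
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Test-RealPortVersion {
    param([string]$VersionString)
    # Compare as [version], not as text: a string compare would rank
    # "4.10.2.0" below "4.8.489.0" and misreport a newer build as vulnerable.
    $parsed = $null
    if (-not [version]::TryParse($VersionString, [ref]$parsed)) { return 'Unknown' }
    if ($parsed -lt $FixedVersion) { 'Vulnerable' } else { 'Patched' }
}

# Constructed sample values showing how the classification behaves.
foreach ($sample in '4.8.488.0', '4.8.489.0', '4.10.2.0', 'n/a') {
    '{0,-10} -> {1}' -f $sample, (Test-RealPortVersion $sample)
}

# Assumption: the display name starts with "Digi RealPort", matching the wmic filter above.
$installed = Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like 'Digi RealPort*' }

# Inbound workaround rule, using the rule name from the netsh command above.
$blockRule = Get-NetFirewallRule -DisplayName 'Block ADDP' -ErrorAction SilentlyContinue |
    Where-Object { $_.Enabled -eq 'True' -and $_.Action -eq 'Block' }

foreach ($entry in $installed) {
    [pscustomobject]@{
        Computer           = $env:COMPUTERNAME
        Product            = $entry.DisplayName
        Version            = $entry.DisplayVersion
        Status             = Test-RealPortVersion "$($entry.DisplayVersion)"
        AddpInboundBlocked = [bool]$blockRule
    }
}

if (-not $installed) {
    Write-Output 'Digi RealPort not found in the uninstall registry keys.'
}
```

A host reported as Vulnerable with AddpInboundBlocked set to False has neither the fix nor the firewall workaround in place.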

📡 Detection & Monitoring

Log Indicators:

  • Multiple ADDP protocol errors or crashes in Digi RealPort logs
  • Windows Event Logs showing application crashes for Digi RealPort

Network Indicators:

  • Unusual ADDP traffic patterns, especially large ADDP packets
  • ADDP traffic from unexpected sources

SIEM Query:

source="windows" AND (event_id=1000 OR event_id=1001) AND process_name="RealPort.exe"
