Login Sign Up

CVE-2021-36767

9.8 CRITICAL
Authentication Bypass

📋 TL;DR

CVE-2021-36767 is an authentication bypass vulnerability in Digi RealPort software where the challenge-response mechanism leaks a weakly-hashed server password. Attackers can send unauthenticated requests to obtain this hash, crack it offline, and gain unauthorized access. This affects all Digi RealPort installations through version 4.10.490.

💻 Affected Systems

Products:
  • Digi RealPort
Versions: through 4.10.490
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations are vulnerable as the authentication mechanism itself is flawed.

📦 What is this software?

6350 Sr Firmware by Digi

View all CVEs affecting 6350 Sr Firmware →

Cm Firmware by Digi

View all CVEs affecting Cm Firmware →

Connect Es Firmware by Digi

View all CVEs affecting Connect Es Firmware →

Connectport Lts 8\/16\/32 Firmware by Digi

View all CVEs affecting Connectport Lts 8\/16\/32 Firmware →

Connectport Ts 8\/16 Firmware by Digi

View all CVEs affecting Connectport Ts 8\/16 Firmware →

One Ia Firmware by Digi

View all CVEs affecting One Ia Firmware →

One Iap Firmware by Digi

View all CVEs affecting One Iap Firmware →

One Iap Haz Firmware by Digi

View all CVEs affecting One Iap Haz Firmware →

Passport Integrated Console Server Firmware by Digi

View all CVEs affecting Passport Integrated Console Server Firmware →

Portserver Ts Firmware by Digi

View all CVEs affecting Portserver Ts Firmware →

Portserver Ts M Mei Firmware by Digi

View all CVEs affecting Portserver Ts M Mei Firmware →

Portserver Ts Mei Firmware by Digi

View all CVEs affecting Portserver Ts Mei Firmware →

Portserver Ts Mei Hardened Firmware by Digi

View all CVEs affecting Portserver Ts Mei Hardened Firmware →

Portserver Ts P Mei Firmware by Digi

View all CVEs affecting Portserver Ts P Mei Firmware →

Realport by Digi

View all CVEs affecting Realport →

Realport by Digi

View all CVEs affecting Realport →

Transport Wr11 Xt Firmware by Digi

View all CVEs affecting Transport Wr11 Xt Firmware →

Wr21 Firmware by Digi

View all CVEs affecting Wr21 Firmware →

Wr31 Firmware by Digi

View all CVEs affecting Wr31 Firmware →

Wr44 R Firmware by Digi

View all CVEs affecting Wr44 R Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of the Digi RealPort server allowing attackers to intercept, modify, or block serial communications, potentially disrupting industrial control systems or critical infrastructure.

🟠

Likely Case

Unauthorized access to serial port communications, data exfiltration, or service disruption for connected devices.

🟢

If Mitigated

Limited impact if network segmentation prevents external access and strong authentication controls are in place elsewhere.

🌐 Internet-Facing: HIGH - Internet-facing servers are directly exploitable without authentication.
🏢 Internal Only: HIGH - Internal attackers or compromised internal systems can exploit this vulnerability.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only network access to the RealPort server and basic hash cracking tools.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.10.491 and later

Vendor Advisory: https://www.digi.com/resources/security

Restart Required: Yes

Instructions:

1. Download latest version from Digi support portal. 2. Backup configuration. 3. Install update. 4. Restart RealPort service.

🔧 Temporary Workarounds

Network Segmentation

all

Restrict network access to RealPort servers using firewalls or network ACLs.

Disable Unused Services

windows

Disable RealPort services on systems where they are not required.

sc stop RealPort
sc config RealPort start= disabled

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate RealPort servers from untrusted networks
  • Monitor for unauthorized access attempts and implement multi-factor authentication where possible

🔍 How to Verify

Check if Vulnerable:

Check RealPort version in About dialog or registry: HKEY_LOCAL_MACHINE\SOFTWARE\Digi International\RealPort\Version

Check Version:

reg query "HKLM\SOFTWARE\Digi International\RealPort" /v Version

Verify Fix Applied:

Verify version is 4.10.491 or higher and test authentication with invalid credentials.

📡 Detection & Monitoring

Log Indicators:

  • Failed authentication attempts followed by successful login
  • Multiple connection attempts from single IP

Network Indicators:

  • Unusual traffic patterns to RealPort default port 771
  • Unauthorized access to serial port resources

SIEM Query:

source="RealPort" AND (event_type="authentication" AND result="success") AND src_ip NOT IN allowed_ips

📊 Metadata

CVE ID: CVE-2021-36767
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-916
Published: October 8, 2021
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-36767, you might also want to check these:

CVE-2020-14516 10.0

CVE-2020-14516 is a critical authentication bypass vulnerability in Rockwell Automation FactoryTalk ...

Same vulnerability type (CWE-916)
CVE-2021-32519 9.8

This vulnerability allows remote attackers to recover plain-text passwords by brute-forcing weak MD5...

Same vulnerability type (CWE-916)
CVE-2024-5743 9.8

This vulnerability in EveHome Eve Play allows attackers to exploit weak password hashing to execute ...

Same vulnerability type (CWE-916)