CVE-2021-38412
published 2021-09-17

CVE-2021-38412: Properly formatted POST requests to multiple resources on the HTTP and HTTPS web servers of the Digi PortServer TS 16 Rack device do not require authentication…

Priority: P260 · critical · 9.8 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 1.26% (66.0th percentile)
Properly formatted POST requests to multiple resources on the HTTP and HTTPS web servers of the Digi PortServer TS 16 Rack device do not require authentication or authentication tokens. This vulnerability could allow an attacker to enable the SNMP service and manipulate the community strings to achieve further control in.

Affected

3 ranges
Vendor | Product | Version range | Fixed in
digi | portserver_ts_16_firmware
digi | portserver_ts_16_firmware
digi_international | portserver_ts_16 | Firmware – 82000684

Detection & IOCs (extracted from sources)

  • Detect unauthenticated POST requests to web resources on Digi PortServer TS 16 HTTP/HTTPS servers (ports 80/443); legitimate management should require authentication tokens — alert on POST requests lacking auth headers/tokens to this device's web interface.
  • Monitor for unexpected SNMP service enablement or SNMP community string changes on Digi PortServer TS 16 devices, which may indicate post-exploitation activity following unauthenticated POST abuse.
  • Flag Digi PortServer TS 16 devices running firmware versions 82000684 or 82000685 as vulnerable; inventory and prioritize these for network isolation.
  • Successful exploitation grants command execution and CLI access; monitor for unexpected command-line activity or configuration changes originating from the device's management interface.
  • No known public exploits specifically target this vulnerability at time of advisory publication, reducing (but not eliminating) immediate exploitation risk.
  • The vulnerability is exploitable from an adjacent network (AV:A per CVSS vector), not directly from the internet, so network segmentation is a highly effective control.

CVSS provenance

Source | Version | Score | Severity | Vector
nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P