CVE-2021-38412
Published: 2021-09-17 · Last updated: 2026-06-17
Severity and scoring
- CVSS: 9.6 CRITICAL
- Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
- CWE: CWE-287, CWE-306
Affected products
| Vendor | Product |
|---|---|
| digi | portserver_ts_16_firmware |
Description
Properly formatted POST requests to multiple resources on the HTTP and HTTPS web servers of the Digi PortServer TS 16 Rack device do not require authentication or authentication tokens. This vulnerability could allow an attacker to enable the SNMP service and manipulate the community strings to achieve further control in.
Source: NVD
Related CVEs
Same CWE
- CVE-2026-48780 — Forem is open source software for building communities (8.2 HIGH)
- CVE-2026-0647 — An improper authentication security issue exists within the 1794-AENTR adapter's embedded web server
- CVE-2026-48114 — Metacat is data repository software that helps researchers preserve, share, and discover data (9.8 CRITICAL)
- CVE-2018-25437 — WordPress CherryFramework Themes 3.1.4 contains an information disclosure vulnerability that allows unauthenticated attackers to download... (7.5 HIGH)
- CVE-2026-12183 — Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 through 2.10.2 on Linux contains an Improper Authentication vulnerabili... (9.8 CRITICAL)