CVE-2021-31895

Name: CVE-2021-31895
Creator: NVD / NIST
Published: 2021-07-13T11:15:09.677+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 8.1/10EPSS 2.28%

Last modified Jun 17, 2026

CVE-2021-31895 is a high-severity vulnerability rated 8.1/10 on the CVSS scale. A vulnerability has been identified in RUGGEDCOM i800 (All versions < V4.3.7), RUGGEDCOM i801 (All versions < V4.3.7), RUGGEDCOM i802 (All versions < V4.3.7), RUGGEDCOM i803 (All versions < V4.3.7), RUGGEDCOM M2100 (All versions < V4.3.7), RUGGEDCOM M2200 (All versions < V4.3.7), RUGGEDCOM M969 (All versions < V4.3.7), RUGGEDCOM RMC30 (All versions < V4.3.7), RUGGEDCOM RMC8388 V4.X (All versions < V4.3.7), RUGGEDCOM RMC8388 V5.X (All versions < V5.5.4), RUGGEDCOM RP110 (All versions < V4.3.7), RUGGEDCOM RS1600 (All versions < V4.3.7), RUGGEDCOM RS1600F (All versions < V4.3.7), RUGGEDCOM RS1600T (All versions < V4.3.7), RUGGEDCOM RS400 (All versions < V4.3.7), RUGGEDCOM RS401 (All versions < V4.3.7), RUGGEDCOM RS416 (All versions < V4.3.7), RUGGEDCOM RS416P (All versions < V4.3.7), RUGGEDCOM RS416Pv2 V4.X (All versions < V4.3.7), RUGGEDCOM RS416Pv2 V5.X (All versions < V5.5.4), RUGGEDCOM RS416v2 V4.X (All versions < V4.3.7), RUGGEDCOM RS416v2 V5.X (All versions < 5.5.4), RUGGEDCOM RS8000 (All versions < V4.3.7), RUGGEDCOM RS8000A (All versions < V4.3.7), RUGGEDCOM RS8000H (All versions < V4.3.7), RUGGEDCOM RS8000T (All versions < V4.3.7), RUGGEDCOM RS900 (32M) V4.X (All versions < V4.3.7), RUGGEDCOM RS900 (32M) V5.X (All versions < V5.5.4), RUGGEDCOM RS900G (All versions < V4.3.7), RUGGEDCOM RS900G (32M) V4.X (All versions < V4.3.7), RUGGEDCOM RS900G (32M) V5.X (All versions < V5.5.4), RUGGEDCOM RS900GP (All versions < V4.3.7), RUGGEDCOM RS900L (All versions < V4.3.7), RUGGEDCOM RS900W (All versions < V4.3.7), RUGGEDCOM RS910 (All versions < V4.3.7), RUGGEDCOM RS910L (All versions < V4.3.7), RUGGEDCOM RS910W (All versions < V4.3.7), RUGGEDCOM RS920L (All versions < V4.3.7), RUGGEDCOM RS920W (All versions < V4.3.7), RUGGEDCOM RS930L (All versions < V4.3.7), RUGGEDCOM RS930W (All versions < V4.3.7), RUGGEDCOM RS940G (All versions < V4.3.7), RUGGEDCOM RS969 (All versions < V4.3.7), RUGGEDCOM RSG2100 (All versions < V4.3.7), RUGGEDCOM RSG2100 (32M) V4.X (All versions < V4.3.7), RUGGEDCOM RSG2100 (32M) V5.X (All versions < V5.5.4), RUGGEDCOM RSG2100P (All versions < V4.3.7), RUGGEDCOM RSG2100P (32M) V4.X (All versions < V4.3.7), RUGGEDCOM RSG2100P (32M) V5.X (All versions < V5.5.4), RUGGEDCOM RSG2200 (All versions < V4.3.7), RUGGEDCOM RSG2288 V4.X (All versions < V4.3.7), RUGGEDCOM RSG2288 V5.X (All versions < V5.5.4), RUGGEDCOM RSG2300 V4.X (All versions < V4.3.7), RUGGEDCOM RSG2300 V5.X (All versions < V5.5.4), RUGGEDCOM RSG2300P V4.X (All versions < V4.3.7), RUGGEDCOM RSG2300P V5.X (All versions < V5.5.4), RUGGEDCOM RSG2488 V4.X (All versions < V4.3.7), RUGGEDCOM RSG2488 V5.X (All versions < V5.5.4), RUGGEDCOM RSG907R (All versions < V5.5.4), RUGGEDCOM RSG908C (All versions < V5.5.4), RUGGEDCOM RSG909R (All versions < V5.5.4), RUGGEDCOM RSG910C (All versions < V5.5.4), RUGGEDCOM RSG920P V4.X (All versions < V4.3.7), RUGGEDCOM RSG920P V5.X (All versions < V5.5.4), RUGGEDCOM RSL910 (All versions < V5.5.4), RUGGEDCOM RST2228 (All versions < V5.5.4), RUGGEDCOM RST2228P (All versions < V5.5.4), RUGGEDCOM RST916C (All versions < V5.5.4), RUGGEDCOM RST916P (All versions < V5.5.4). The DHCP client in affected devices fails to properly sanitize incoming DHCP packets. EPSS estimates a 2.28% chance of exploitation in the next 30 days.

Description

A vulnerability has been identified in RUGGEDCOM i800 (All versions < V4.3.7), RUGGEDCOM i801 (All versions < V4.3.7), RUGGEDCOM i802 (All versions < V4.3.7), RUGGEDCOM i803 (All versions < V4.3.7), RUGGEDCOM M2100 (All versions < V4.3.7), RUGGEDCOM M2200 (All versions < V4.3.7), RUGGEDCOM M969 (All versions < V4.3.7), RUGGEDCOM RMC30 (All versions < V4.3.7), RUGGEDCOM RMC8388 V4.X (All versions < V4.3.7), RUGGEDCOM RMC8388 V5.X (All versions < V5.5.4), RUGGEDCOM RP110 (All versions < V4.3.7), RUGGEDCOM RS1600 (All versions < V4.3.7), RUGGEDCOM RS1600F (All versions < V4.3.7), RUGGEDCOM RS1600T (All versions < V4.3.7), RUGGEDCOM RS400 (All versions < V4.3.7), RUGGEDCOM RS401 (All versions < V4.3.7), RUGGEDCOM RS416 (All versions < V4.3.7), RUGGEDCOM RS416P (All versions < V4.3.7), RUGGEDCOM RS416Pv2 V4.X (All versions < V4.3.7), RUGGEDCOM RS416Pv2 V5.X (All versions < V5.5.4), RUGGEDCOM RS416v2 V4.X (All versions < V4.3.7), RUGGEDCOM RS416v2 V5.X (All versions < 5.5.4), RUGGEDCOM RS8000 (All versions < V4.3.7), RUGGEDCOM RS8000A (All versions < V4.3.7), RUGGEDCOM RS8000H (All versions < V4.3.7), RUGGEDCOM RS8000T (All versions < V4.3.7), RUGGEDCOM RS900 (32M) V4.X (All versions < V4.3.7), RUGGEDCOM RS900 (32M) V5.X (All versions < V5.5.4), RUGGEDCOM RS900G (All versions < V4.3.7), RUGGEDCOM RS900G (32M) V4.X (All versions < V4.3.7), RUGGEDCOM RS900G (32M) V5.X (All versions < V5.5.4), RUGGEDCOM RS900GP (All versions < V4.3.7), RUGGEDCOM RS900L (All versions < V4.3.7), RUGGEDCOM RS900W (All versions < V4.3.7), RUGGEDCOM RS910 (All versions < V4.3.7), RUGGEDCOM RS910L (All versions < V4.3.7), RUGGEDCOM RS910W (All versions < V4.3.7), RUGGEDCOM RS920L (All versions < V4.3.7), RUGGEDCOM RS920W (All versions < V4.3.7), RUGGEDCOM RS930L (All versions < V4.3.7), RUGGEDCOM RS930W (All versions < V4.3.7), RUGGEDCOM RS940G (All versions < V4.3.7), RUGGEDCOM RS969 (All versions < V4.3.7), RUGGEDCOM RSG2100 (All versions < V4.3.7), RUGGEDCOM RSG2100 (32M) V4.X (All versions < V4.3.7), RUGGEDCOM RSG2100 (32M) V5.X (All versions < V5.5.4), RUGGEDCOM RSG2100P (All versions < V4.3.7), RUGGEDCOM RSG2100P (32M) V4.X (All versions < V4.3.7), RUGGEDCOM RSG2100P (32M) V5.X (All versions < V5.5.4), RUGGEDCOM RSG2200 (All versions < V4.3.7), RUGGEDCOM RSG2288 V4.X (All versions < V4.3.7), RUGGEDCOM RSG2288 V5.X (All versions < V5.5.4), RUGGEDCOM RSG2300 V4.X (All versions < V4.3.7), RUGGEDCOM RSG2300 V5.X (All versions < V5.5.4), RUGGEDCOM RSG2300P V4.X (All versions < V4.3.7), RUGGEDCOM RSG2300P V5.X (All versions < V5.5.4), RUGGEDCOM RSG2488 V4.X (All versions < V4.3.7), RUGGEDCOM RSG2488 V5.X (All versions < V5.5.4), RUGGEDCOM RSG907R (All versions < V5.5.4), RUGGEDCOM RSG908C (All versions < V5.5.4), RUGGEDCOM RSG909R (All versions < V5.5.4), RUGGEDCOM RSG910C (All versions < V5.5.4), RUGGEDCOM RSG920P V4.X (All versions < V4.3.7), RUGGEDCOM RSG920P V5.X (All versions < V5.5.4), RUGGEDCOM RSL910 (All versions < V5.5.4), RUGGEDCOM RST2228 (All versions < V5.5.4), RUGGEDCOM RST2228P (All versions < V5.5.4), RUGGEDCOM RST916C (All versions < V5.5.4), RUGGEDCOM RST916P (All versions < V5.5.4). The DHCP client in affected devices fails to properly sanitize incoming DHCP packets. This could allow an unauthenticated remote attacker to cause memory to be overwritten, potentially allowing remote code execution.

Metrics

CVSS 3.1

8.1/10

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

2.28%

81.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Siemens	Ruggedcom Ros I800	< 4.3.7
Siemens	Ruggedcom Ros I801	< 4.3.7
Siemens	Ruggedcom Ros I802	< 4.3.7
Siemens	Ruggedcom Ros I803	< 4.3.7
Siemens	Ruggedcom Ros M969	< 4.3.7
Siemens	Ruggedcom Ros M2100	< 4.3.7
Siemens	Ruggedcom Ros M2200	< 4.3.7
Siemens	Ruggedcom Ros Rmc	< 4.3.7
Siemens	Ruggedcom Ros Rmc20	< 4.3.7
Siemens	Ruggedcom Ros Rmc30	< 4.3.7
Siemens	Ruggedcom Ros Rmc40	< 4.3.7
Siemens	Ruggedcom Ros Rmc41	< 4.3.7
Siemens	Ruggedcom Ros Rmc8388	< 4.3.7
Siemens	Ruggedcom Ros Rmc8388	>= 5.0.0, < 5.5.4
Siemens	Ruggedcom Ros Rp110	< 4.3.7
Siemens	Ruggedcom Ros Rs400	< 4.3.7
Siemens	Ruggedcom Ros Rs401	< 4.3.7
Siemens	Ruggedcom Ros Rs416	< 4.3.7
Siemens	Ruggedcom Ros Rs416v2	< 4.3.7
Siemens	Ruggedcom Ros Rs416v2	>= 5.5.0, < 5.5.4
Siemens	Ruggedcom Ros Rs900	< 4.3.7
Siemens	Ruggedcom Ros Rs900	>= 5.0.0, < 5.5.4
Siemens	Ruggedcom Ros Rs900g	< 4.3.7
Siemens	Ruggedcom Ros Rs900g	>= 5.0.0, < 5.5.4
Siemens	Ruggedcom Ros Rs900gp	< 4.3.7
Siemens	Ruggedcom Ros Rs900l	< 4.3.7
Siemens	Ruggedcom Ros Rs900w	< 4.3.7
Siemens	Ruggedcom Ros Rs910	< 4.3.7
Siemens	Ruggedcom Ros Rs910l	< 4.3.7
Siemens	Ruggedcom Ros Rs910w	< 4.3.7
Siemens	Ruggedcom Ros Rs920l	< 4.3.7
Siemens	Ruggedcom Ros Rs920w	< 4.3.7
Siemens	Ruggedcom Ros Rs930l	< 4.3.7
Siemens	Ruggedcom Ros Rs930w	< 4.3.7
Siemens	Ruggedcom Ros Rs940g	< 4.3.7
Siemens	Ruggedcom Ros Rs969	< 4.3.7
Siemens	Ruggedcom Ros Rs8000	< 4.3.7
Siemens	Ruggedcom Ros Rs8000a	< 4.3.7
Siemens	Ruggedcom Ros Rs8000h	< 4.3.7
Siemens	Ruggedcom Ros Rs8000t	< 4.3.7
Siemens	Ruggedcom Ros Rsg900	< 4.3.7
Siemens	Ruggedcom Ros Rsg900	>= 5.5.0, < 5.5.4
Siemens	Ruggedcom Ros Rsg900c	< 5.5.4
Siemens	Ruggedcom Ros Rsg900g	< 4.3.7
Siemens	Ruggedcom Ros Rsg900g	>= 5.0.0, < 5.5.4
Siemens	Ruggedcom Ros Rsg900r	< 5.5.4
Siemens	Ruggedcom Ros Rsg920p	< 4.3.7
Siemens	Ruggedcom Ros Rsg920p	>= 5.0.0, < 5.5.4
Siemens	Ruggedcom Ros Rsg2100	< 4.3.7
Siemens	Ruggedcom Ros Rsg2100	>= 5.0.0, < 5.5.4

Showing 50 of 65 affected configurations. See NVD for the full list.

References

Timeline

Published: Jul 13, 2021
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2021-31895?

How severe is CVE-2021-31895?

CVE-2021-31895 has a CVSS score of 8.1/10 (HIGH severity). The EPSS model estimates a 2.28% probability of exploitation in the next 30 days.

How do I fix CVE-2021-31895?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2021-31895?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST