CVE & CISA-KEV Catalog

CVE-2021-31895

HIGHEPSS 81th pctl
8.1
CVSS v3
NVD

Description

A vulnerability has been identified in RUGGEDCOM i800 (All versions < V4.3.7), RUGGEDCOM i801 (All versions < V4.3.7), RUGGEDCOM i802 (All versions < V4.3.7), RUGGEDCOM i803 (All versions < V4.3.7), RUGGEDCOM M2100 (All versions < V4.3.7), RUGGEDCOM M2200 (All versions < V4.3.7), RUGGEDCOM M969 (All versions < V4.3.7), RUGGEDCOM RMC30 (All versions < V4.3.7), RUGGEDCOM RMC8388 V4.X (All versions < V4.3.7), RUGGEDCOM RMC8388 V5.X (All versions < V5.5.4), RUGGEDCOM RP110 (All versions < V4.3.7), RUGGEDCOM RS1600 (All versions < V4.3.7), RUGGEDCOM RS1600F (All versions < V4.3.7), RUGGEDCOM RS1600T (All versions < V4.3.7), RUGGEDCOM RS400 (All versions < V4.3.7), RUGGEDCOM RS401 (All versions < V4.3.7), RUGGEDCOM RS416 (All versions < V4.3.7), RUGGEDCOM RS416P (All versions < V4.3.7), RUGGEDCOM RS416Pv2 V4.X (All versions < V4.3.7), RUGGEDCOM RS416Pv2 V5.X (All versions < V5.5.4), RUGGEDCOM RS416v2 V4.X (All versions < V4.3.7), RUGGEDCOM RS416v2 V5.X (All versions < 5.5.4), RUGGEDCOM RS8000 (All versions < V4.3.7), RUGGEDCOM RS8000A (All versions < V4.3.7), RUGGEDCOM RS8000H (All versions < V4.3.7), RUGGEDCOM RS8000T (All versions < V4.3.7), RUGGEDCOM RS900 (32M) V4.X (All versions < V4.3.7), RUGGEDCOM RS900 (32M) V5.X (All versions < V5.5.4), RUGGEDCOM RS900G (All versions < V4.3.7), RUGGEDCOM RS900G (32M) V4.X (All versions < V4.3.7), RUGGEDCOM RS900G (32M) V5.X (All versions < V5.5.4), RUGGEDCOM RS900GP (All versions < V4.3.7), RUGGEDCOM RS900L (All versions < V4.3.7), RUGGEDCOM RS900W (All versions < V4.3.7), RUGGEDCOM RS910 (All versions < V4.3.7), RUGGEDCOM RS910L (All versions < V4.3.7), RUGGEDCOM RS910W (All versions < V4.3.7), RUGGEDCOM RS920L (All versions < V4.3.7), RUGGEDCOM RS920W (All versions < V4.3.7), RUGGEDCOM RS930L (All versions < V4.3.7), RUGGEDCOM RS930W (All versions < V4.3.7), RUGGEDCOM RS940G (All versions < V4.3.7), RUGGEDCOM RS969 (All versions < V4.3.7), RUGGEDCOM RSG2100 (All versions < V4.3.7), RUGGEDCOM RSG2100 (32M) V4.X (All versions < V4.3.7), RUGGEDCOM RSG2100 (32M) V5.X (All versions < V5.5.4), RUGGEDCOM RSG2100P (All versions < V4.3.7), RUGGEDCOM RSG2100P (32M) V4.X (All versions < V4.3.7), RUGGEDCOM RSG2100P (32M) V5.X (All versions < V5.5.4), RUGGEDCOM RSG2200 (All versions < V4.3.7), RUGGEDCOM RSG2288 V4.X (All versions < V4.3.7), RUGGEDCOM RSG2288 V5.X (All versions < V5.5.4), RUGGEDCOM RSG2300 V4.X (All versions < V4.3.7), RUGGEDCOM RSG2300 V5.X (All versions < V5.5.4), RUGGEDCOM RSG2300P V4.X (All versions < V4.3.7), RUGGEDCOM RSG2300P V5.X (All versions < V5.5.4), RUGGEDCOM RSG2488 V4.X (All versions < V4.3.7), RUGGEDCOM RSG2488 V5.X (All versions < V5.5.4), RUGGEDCOM RSG907R (All versions < V5.5.4), RUGGEDCOM RSG908C (All versions < V5.5.4), RUGGEDCOM RSG909R (All versions < V5.5.4), RUGGEDCOM RSG910C (All versions < V5.5.4), RUGGEDCOM RSG920P V4.X (All versions < V4.3.7), RUGGEDCOM RSG920P V5.X (All versions < V5.5.4), RUGGEDCOM RSL910 (All versions < V5.5.4), RUGGEDCOM RST2228 (All versions < V5.5.4), RUGGEDCOM RST2228P (All versions < V5.5.4), RUGGEDCOM RST916C (All versions < V5.5.4), RUGGEDCOM RST916P (All versions < V5.5.4). The DHCP client in affected devices fails to properly sanitize incoming DHCP packets. This could allow an unauthenticated remote attacker to cause memory to be overwritten, potentially allowing remote code execution.

How to fix

Remediation Available
ruggedcom ros i800NVD
Affected:< 4.3.7Fixed in:4.3.7CVE-2021-31895derived from NVD
ruggedcom ros i801NVD
Affected:< 4.3.7Fixed in:4.3.7CVE-2021-31895derived from NVD
ruggedcom ros i802NVD
Affected:< 4.3.7Fixed in:4.3.7CVE-2021-31895derived from NVD
ruggedcom ros i803NVD
Affected:< 4.3.7Fixed in:4.3.7CVE-2021-31895derived from NVD
ruggedcom ros m2100NVD
Affected:< 4.3.7Fixed in:4.3.7CVE-2021-31895derived from NVD
ruggedcom ros m2200NVD
Affected:< 4.3.7Fixed in:4.3.7CVE-2021-31895derived from NVD
ruggedcom ros m969NVD
Affected:< 4.3.7Fixed in:4.3.7CVE-2021-31895derived from NVD
ruggedcom ros rmcNVD
Affected:< 4.3.7Fixed in:4.3.7CVE-2021-31895derived from NVD
ruggedcom ros rmc20NVD
Affected:< 4.3.7Fixed in:4.3.7CVE-2021-31895derived from NVD
ruggedcom ros rmc30NVD
Affected:< 4.3.7Fixed in:4.3.7CVE-2021-31895derived from NVD
ruggedcom ros rmc40NVD
Affected:< 4.3.7Fixed in:4.3.7CVE-2021-31895derived from NVD
ruggedcom ros rmc41NVD
Affected:< 4.3.7Fixed in:4.3.7CVE-2021-31895derived from NVD
ruggedcom ros rmc8388NVD
Affected:>= 5.0.0, < 5.5.4Fixed in:5.5.4CVE-2021-31895derived from NVD
ruggedcom ros rp110NVD
Affected:< 4.3.7Fixed in:4.3.7CVE-2021-31895derived from NVD
ruggedcom ros rs400NVD
Affected:< 4.3.7Fixed in:4.3.7CVE-2021-31895derived from NVD
ruggedcom ros rs401NVD
Affected:< 4.3.7Fixed in:4.3.7CVE-2021-31895derived from NVD
ruggedcom ros rs416NVD
Affected:< 4.3.7Fixed in:4.3.7CVE-2021-31895derived from NVD
ruggedcom ros rs416v2NVD
Affected:>= 5.5.0, < 5.5.4Fixed in:5.5.4CVE-2021-31895derived from NVD
ruggedcom ros rs8000NVD
Affected:< 4.3.7Fixed in:4.3.7CVE-2021-31895derived from NVD
ruggedcom ros rs8000aNVD
Affected:< 4.3.7Fixed in:4.3.7CVE-2021-31895derived from NVD
ruggedcom ros rs8000hNVD
Affected:< 4.3.7Fixed in:4.3.7CVE-2021-31895derived from NVD
ruggedcom ros rs8000tNVD
Affected:< 4.3.7Fixed in:4.3.7CVE-2021-31895derived from NVD
ruggedcom ros rs900NVD
Affected:>= 5.0.0, < 5.5.4Fixed in:5.5.4CVE-2021-31895derived from NVD
ruggedcom ros rs900gNVD
Affected:>= 5.0.0, < 5.5.4Fixed in:5.5.4CVE-2021-31895derived from NVD
ruggedcom ros rs900gpNVD
Affected:< 4.3.7Fixed in:4.3.7CVE-2021-31895derived from NVD
ruggedcom ros rs900lNVD
Affected:< 4.3.7Fixed in:4.3.7CVE-2021-31895derived from NVD
ruggedcom ros rs900wNVD
Affected:< 4.3.7Fixed in:4.3.7CVE-2021-31895derived from NVD
ruggedcom ros rs910NVD
Affected:< 4.3.7Fixed in:4.3.7CVE-2021-31895derived from NVD
ruggedcom ros rs910lNVD
Affected:< 4.3.7Fixed in:4.3.7CVE-2021-31895derived from NVD
ruggedcom ros rs910wNVD
Affected:< 4.3.7Fixed in:4.3.7CVE-2021-31895derived from NVD
ruggedcom ros rs920lNVD
Affected:< 4.3.7Fixed in:4.3.7CVE-2021-31895derived from NVD
ruggedcom ros rs920wNVD
Affected:< 4.3.7Fixed in:4.3.7CVE-2021-31895derived from NVD
ruggedcom ros rs930lNVD
Affected:< 4.3.7Fixed in:4.3.7CVE-2021-31895derived from NVD
ruggedcom ros rs930wNVD
Affected:< 4.3.7Fixed in:4.3.7CVE-2021-31895derived from NVD
ruggedcom ros rs940gNVD
Affected:< 4.3.7Fixed in:4.3.7CVE-2021-31895derived from NVD
ruggedcom ros rs969NVD
Affected:< 4.3.7Fixed in:4.3.7CVE-2021-31895derived from NVD
ruggedcom ros rsg2100NVD
Affected:>= 5.0.0, < 5.5.4Fixed in:5.5.4CVE-2021-31895derived from NVD
ruggedcom ros rsg2100pNVD
Affected:>= 5.0.0, < 5.3.4Fixed in:5.3.4CVE-2021-31895derived from NVD
ruggedcom ros rsg2200NVD
Affected:< 4.3.7Fixed in:4.3.7CVE-2021-31895derived from NVD
ruggedcom ros rsg2288NVD
Affected:>= 5.0.0, < 5.5.4Fixed in:5.5.4CVE-2021-31895derived from NVD
ruggedcom ros rsg2300NVD
Affected:>= 5.0.0, < 5.3.4Fixed in:5.3.4CVE-2021-31895derived from NVD
ruggedcom ros rsg2300pNVD
Affected:>= 5.5.0, < 5.5.4Fixed in:5.5.4CVE-2021-31895derived from NVD
ruggedcom ros rsg2488NVD
Affected:>= 5.0.0, < 5.5.4Fixed in:5.5.4CVE-2021-31895derived from NVD
ruggedcom ros rsg900NVD
Affected:>= 5.5.0, < 5.5.4Fixed in:5.5.4CVE-2021-31895derived from NVD
ruggedcom ros rsg900cNVD
Affected:< 5.5.4Fixed in:5.5.4CVE-2021-31895derived from NVD
ruggedcom ros rsg900gNVD
Affected:>= 5.0.0, < 5.5.4Fixed in:5.5.4CVE-2021-31895derived from NVD
ruggedcom ros rsg900rNVD
Affected:< 5.5.4Fixed in:5.5.4CVE-2021-31895derived from NVD
ruggedcom ros rsg920pNVD
Affected:>= 5.0.0, < 5.5.4Fixed in:5.5.4CVE-2021-31895derived from NVD
ruggedcom ros rsl910NVD
Affected:< 5.5.4Fixed in:5.5.4CVE-2021-31895derived from NVD
ruggedcom ros rst2228NVD
Affected:< 5.5.4Fixed in:5.5.4CVE-2021-31895derived from NVD
ruggedcom ros rst916cNVD
Affected:< 5.5.4Fixed in:5.5.4CVE-2021-31895derived from NVD
ruggedcom ros rst916pNVD
Affected:< 5.5.4Fixed in:5.5.4CVE-2021-31895derived from NVD

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorNetwork
Attack ComplexityHigh
Privileges RequiredNone
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityHigh
IntegrityHigh
AvailabilityHigh

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploit Intelligence

2.28%probability of exploitation in 30 days
81stpercentile

Elevated risk: more likely to be exploited than 81% of all known CVEs.

References

Vendor Advisory1
Other references1

Related Vulnerabilities

Other CWE-120 (Classic Buffer Overflow) vulnerabilities, ordered by exploit likelihood. View all

CVESeverityCVSSEPSSExploitedFix
CVE-2014-0195Medium6.8100%-Fix
CVE-2017-7269Critical9.8100%KEV-
CVE-2019-11043High8.799%KEV + RansomFix
CVE-2011-4862High10.095%-Fix
CVE-2007-5659High7.894%KEVFix
CVE-2022-3786High7.591%-Fix
Embed a live status badge for CVE-2021-31895
CVE-2021-31895 severity badge

Markdown

[![CVE-2021-31895](https://tridentstack.com/cve/badge/CVE-2021-31895.svg)](https://tridentstack.com/cve/CVE-2021-31895)

HTML

<a href="https://tridentstack.com/cve/CVE-2021-31895"><img src="https://tridentstack.com/cve/badge/CVE-2021-31895.svg" alt="CVE-2021-31895"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2025-10-14.