Filtered by vendor Draytek
Subscriptions
Filtered by product Vigorconnect
Subscriptions
Total
7 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-20123 | 1 Draytek | 1 Vigorconnect | 2024-09-05 | 7.5 High |
| A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges. | ||||
| CVE-2021-20124 | 1 Draytek | 1 Vigorconnect | 2024-09-05 | 7.5 High |
| A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the WebServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges. | ||||
| CVE-2021-20126 | 1 Draytek | 1 Vigorconnect | 2024-08-03 | 8.8 High |
| Draytek VigorConnect 1.6.0-B3 lacks cross-site request forgery protections and does not sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. | ||||
| CVE-2021-20125 | 1 Draytek | 1 Vigorconnect | 2024-08-03 | 9.8 Critical |
| An arbitrary file upload and directory traversal vulnerability exists in the file upload functionality of DownloadFileServlet in Draytek VigorConnect 1.6.0-B3. An unauthenticated attacker could leverage this vulnerability to upload files to any location on the target operating system with root privileges. | ||||
| CVE-2021-20128 | 1 Draytek | 1 Vigorconnect | 2024-08-03 | 5.4 Medium |
| The Profile Name field in the floor plan (Network Menu) page in Draytek VigorConnect 1.6.0-B3 was found to be vulnerable to stored XSS, as user input is not properly sanitized. | ||||
| CVE-2021-20129 | 1 Draytek | 1 Vigorconnect | 2024-08-03 | 7.5 High |
| An information disclosure vulnerability exists in Draytek VigorConnect 1.6.0-B3, allowing an unauthenticated attacker to export system logs. | ||||
| CVE-2021-20127 | 1 Draytek | 1 Vigorconnect | 2024-08-03 | 8.1 High |
| An arbitrary file deletion vulnerability exists in the file delete functionality of the Html5Servlet endpoint of Draytek VigorConnect 1.6.0-B3. This allows an authenticated user to arbitrarily delete files in any location on the target operating system with root privileges. | ||||
Page 1 of 1.