Vigorconnect

vigorconnect

Vendor: Draytek • 7 CVEs

CVEs (7)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-20129 1Draytek 1Vigorconnect Nov 21, 2024 Oct 13, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An information disclosure vulnerability exists in Draytek VigorConnect 1.6.0-B3, allowing an unauthenticated attacker to export system logs.
CVE-2021-20128 1Draytek 1Vigorconnect Nov 21, 2024 Oct 13, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 The Profile Name field in the floor plan (Network Menu) page in Draytek VigorConnect 1.6.0-B3 was found to be vulnerable to stored XSS, as user input is not properly sanitized.
CVE-2021-20127 1Draytek 1Vigorconnect Nov 21, 2024 Oct 13, 2021 N/A· v4 8.1 HIGH· v3 8.5 HIGH· v2 An arbitrary file deletion vulnerability exists in the file delete functionality of the Html5Servlet endpoint of Draytek VigorConnect 1.6.0-B3. This allows an authenticated user to arbitrarily delete files in any locatio...Show more An arbitrary file deletion vulnerability exists in the file delete functionality of the Html5Servlet endpoint of Draytek VigorConnect 1.6.0-B3. This allows an authenticated user to arbitrarily delete files in any location on the target operating system with root privileges.Show less
CVE-2021-20126 1Draytek 1Vigorconnect Nov 21, 2024 Oct 13, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Draytek VigorConnect 1.6.0-B3 lacks cross-site request forgery protections and does not sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the reques...Show more Draytek VigorConnect 1.6.0-B3 lacks cross-site request forgery protections and does not sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.Show less
CVE-2021-20125 1Draytek 1Vigorconnect Nov 21, 2024 Oct 13, 2021 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 An arbitrary file upload and directory traversal vulnerability exists in the file upload functionality of DownloadFileServlet in Draytek VigorConnect 1.6.0-B3. An unauthenticated attacker could leverage this vulnerabilit...Show more An arbitrary file upload and directory traversal vulnerability exists in the file upload functionality of DownloadFileServlet in Draytek VigorConnect 1.6.0-B3. An unauthenticated attacker could leverage this vulnerability to upload files to any location on the target operating system with root privileges.Show less
CVE-2021-20124 1Draytek 1Vigorconnect Nov 3, 2025 Oct 13, 2021 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the WebServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitr...Show more A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the WebServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.Show less
CVE-2021-20123 1Draytek 1Vigorconnect Nov 3, 2025 Oct 13, 2021 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to downlo...Show more A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.Show less