Draytek VigorConnect Cross-Site Request Forgery Vulnerability

VigorConnect is the native network management software for DrayTek devices.A cross-site request forgery vulnerability exists in Draytek VigorConnect version 1.6.0-B3. No details of the vulnerability are currently available...

Draytek VigorConnect Local File Inclusion Vulnerability

VigorConnect is the local network management software for DrayTek devices.A local file inclusion vulnerability exists in the file download functionality of the WebServlet endpoint of Draytek VigorConnect version 1.6.0-B3. An attacker could exploit this vulnerability to download arbitrary files fr...

Draytek VigorConnect Arbitrary File Upload and Directory Traversal Vulnerability

VigorConnect is the local network management software for DrayTek devices.An arbitrary file upload and directory traversal vulnerability exists in the file upload functionality of the DownloadFileServlet in Draytek VigorConnect version 1.6.0-B3. An attacker could exploit the vulnerability to uplo...

CVE-2021-20126

Draytek VigorConnect 1.6.0-B3 lacks cross-site request forgery protections and does not sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request...

CVE-2021-20123

A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges...

Draytek VigorConnect 跨站请求伪造漏洞

VigorConnect is the native network management software for DrayTek devices.A cross-site request forgery vulnerability exists in Draytek VigorConnect version 1.6.0-B3. No details of the vulnerability are currently available...

Draytek VigorConnect 代码问题漏洞

VigorConnect is the local network management software for DrayTek devices.An arbitrary file upload and directory traversal vulnerability exists in the file upload functionality of the DownloadFileServlet in Draytek VigorConnect version 1.6.0-B3. An attacker could exploit the vulnerability to uplo...

Draytek VigorConnect 访问控制错误漏洞

VigorConnect is the local network management software for DrayTek devices.An arbitrary file deletion vulnerability exists in the file deletion feature of the Html5Servlet endpoint in Draytek VigorConnect version 1.6.0-B3. An attacker could use the vulnerability to arbitrarily delete files anywher...

Draytek VigorConnect 路径遍历漏洞

VigorConnect is the local network management software for DrayTek devices.A local file inclusion vulnerability exists in the file download functionality of the WebServlet endpoint of Draytek VigorConnect version 1.6.0-B3. An attacker could exploit this vulnerability to download arbitrary files fr...

Draytek VigorConnect 跨站脚本漏洞

A stored cross-site scripting vulnerability exists in the Profile Name field of the Floor Plan Network Menu page in Draytek VigorConnect version 1.6.0-B3, the native network management software for DrayTek devices. The vulnerability stems from improper validation of user input. An attacker could...

Draytek VigorConnect 日志信息泄露漏洞

VigorConnect is the local network management software for DrayTek devices.An information disclosure vulnerability exists in Draytek VigorConnect version 1.6.0-B3. An attacker could exploit this vulnerability to export system logs...

PT-2021-8120 · Draytek · Draytek Vigorconnect

Name of the Vulnerable Software and Affected Versions: Draytek VigorConnect version 1.6.0-B3 Description: A local file inclusion vulnerability exists in the file download functionality of the "DownloadFileServlet" endpoint. An unauthenticated attacker could leverage this vulnerability to download...