Lucene search

87 matches found

Nuclei
added yesterday, 36 views

Draytek VigorConnect 6.0-B3 - Local File Inclusion

Draytek VigorConnect 1.6.0-B3 is susceptible to local file inclusion in the file download functionality of the WebServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges. id: CVE-2021-201...

CVSS 7.8, AI score 8, EPSS 0.69951
Exploits: 1, References: 4

Nuclei
added 3 days ago, 37 views

Draytek VigorConnect 1.6.0-B - Local File Inclusion

Draytek VigorConnect 1.6.0-B3 is susceptible to local file inclusion in the file download functionality of the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges. id:...

CVSS 7.8, AI score 8, EPSS 0.74854
Exploits: 1, References: 3

EUVD
added 2025/10/03 8:7 p.m., 9 views

EUVD-2021-7582

Malicious code in bioql PyPI...

CVSS 10, AI score 9.5, EPSS 0.03823
Exploits: 1, References: 1

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2021-7583

Malicious code in bioql PyPI...

CVSS 8.8, AI score 8.8, EPSS 0.00612
Exploits: 1, References: 1

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2021-7584

Malicious code in bioql PyPI...

CVSS 8.5, AI score 8.1, EPSS 0.01095
Exploits: 1, References: 1

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2021-7585

Malicious code in bioql PyPI...

CVSS 5.4, AI score 5.7, EPSS 0.00551
Exploits: 1, References: 1

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2021-7586

Malicious code in bioql PyPI...

CVSS 7.5, AI score 7.6, EPSS 0.01644
Exploits: 1, References: 1

RedhatCVE
added 2025/05/22 7:6 p.m., 8 views

CVE-2021-20123

A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges...

CVSS 7.8, AI score 6.9, EPSS 0.74854
Exploits: 1, References: 1

RedhatCVE
added 2025/05/22 7:6 p.m., 5 views

CVE-2021-20125

An arbitrary file upload and directory traversal vulnerability exists in the file upload functionality of DownloadFileServlet in Draytek VigorConnect 1.6.0-B3. An unauthenticated attacker could leverage this vulnerability to upload files to any location on the target operating system with root...

CVSS 10, AI score 7.1, EPSS 0.03823
Exploits: 1, References: 1

RedhatCVE
added 2025/05/22 7:6 p.m., 5 views

CVE-2021-20129

An information disclosure vulnerability exists in Draytek VigorConnect 1.6.0-B3, allowing an unauthenticated attacker to export system logs...

CVSS 7.5, AI score 6.5, EPSS 0.01644
Exploits: 1, References: 1

RedhatCVE
added 2025/05/22 7:6 p.m., 6 views

CVE-2021-20128

The Profile Name field in the floor plan Network Menu page in Draytek VigorConnect 1.6.0-B3 was found to be vulnerable to stored XSS, as user input is not properly sanitized...

CVSS 5.4, AI score 6.6, EPSS 0.00551
Exploits: 1, References: 1

RedhatCVE
added 2025/05/22 7:6 p.m., 6 views

CVE-2021-20124

A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the WebServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges...

CVSS 7.8, AI score 6.9, EPSS 0.69951
Exploits: 1, References: 1

RedhatCVE
added 2025/05/22 7:6 p.m., 6 views

CVE-2021-20126

Draytek VigorConnect 1.6.0-B3 lacks cross-site request forgery protections and does not sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request...

CVSS 8.8, AI score 6.9, EPSS 0.00612
Exploits: 1, References: 1

RedhatCVE
added 2025/05/22 7:6 p.m., 6 views

CVE-2021-20127

An arbitrary file deletion vulnerability exists in the file delete functionality of the Html5Servlet endpoint of Draytek VigorConnect 1.6.0-B3. This allows an authenticated user to arbitrarily delete files in any location on the target operating system with root privileges...

CVSS 8.5, AI score 6.8, EPSS 0.01095
Exploits: 1, References: 1

BDU FSTEC
added 2024/12/23 12:0 a.m., 1 view

The vulnerability in the Profile Name field of the software for monitoring, managing, and configuring VigorAP access points and VigorSwitches in the DrayTek VigorConnect local network allows an attacker to perform XSS attacks.

The vulnerability of the Profile Name field in software for monitoring, managing, and configuring VigorAP access points and VigorSwitches in the DrayTek VigorConnect local network is related to the lack of security measures taken to protect the website structure. Exploiting this vulnerability cou...

CVSS 5.5, AI score 5.8, EPSS 0.00551
Exploits: 1, References: 4, Affected Software: 1

BDU FSTEC
added 2024/12/23 12:0 a.m., 2 views

The vulnerability of software for monitoring, managing, and configuring VigorAP access points and VigorSwitches in the DrayTek VigorConnect local network lies in the inter-site requests that are forged. This allows a perpetrator to carry out a CSRF attack.

The vulnerability of software for monitoring, managing, and configuring VigorAP access points and VigorSwitches in the DrayTek VigorConnect local network is related to the unlimited loading of dangerous files. Exploiting this vulnerability can allow a remote attacker to…...

CVSS 10, AI score 7.7, EPSS 0.00612
Exploits: 1, References: 3, Affected Software: 1

BDU FSTEC
added 2024/12/23 12:0 a.m., 1 view

The vulnerability of the DownloadFileServlet function in the software for monitoring, managing, and configuring VigorAP access points and VigorSwitches in the DrayTek VigorConnect local network allows a malicious actor to upload arbitrary files with root privileges.

The vulnerability of the DownloadFileServlet function in the software for monitoring, managing, and configuring VigorAP access points and VigorSwitches in the DrayTek VigorConnect local network is related to the unlimited download of dangerous types of files. Exploiting this vulnerability could...

CVSS 10, AI score 7.7, EPSS 0.03823
Exploits: 1, References: 3, Affected Software: 1

BDU FSTEC
added 2024/12/23 12:0 a.m., 3 views

The vulnerability of software for monitoring, managing, and configuring VigorAP access points and VigorSwitches in the DrayTek VigorConnect local network lies in the lack of access control. This allows a malicious user to delete any files with root privileges.

The vulnerability of software for monitoring, managing, and configuring VigorAP access points and VigorSwitches in the DrayTek VigorConnect local network is related to lack of access control. Exploiting this vulnerability could allow a malicious actor to delete any files with root privileges...

CVSS 8.5, AI score 7.4, EPSS 0.01095
Exploits: 1, References: 5, Affected Software: 1

Tenable Nessus
added 2024/11/20 12:0 a.m., 9 views

Draytek VigorConnect Unauthenticated LFI (CVE-2021-20124)

Binary data draytekvigorconnectcve-2021-20124.nbin...

CVSS 7.8, AI score 7.7, EPSS 0.69951
Exploits: 1, References: 2

BDU FSTEC
added 2024/10/09 12:0 a.m., 3 views

The vulnerability of software for monitoring, managing, and configuring VigorAP access points and VigorSwitches in the DrayTek VigorConnect local network lies in improper restrictions on path names to the restricted directory. This allows attackers to load arbitrary files with root privileges.

The vulnerability of software for monitoring, managing, and configuring VigorAP access points and VigorSwitches in the DrayTek VigorConnect local network lies in improper path name restrictions for accessing the restricted directory. Exploiting this vulnerability allows a remote attacker to...

CVSS 7.8, AI score 7.6, EPSS 0.74854
Exploits: 1, References: 6, Affected Software: 1