87 matches found
The vulnerability of software for monitoring, managing, and configuring VigorAP access points and VigorSwitches in the DrayTek VigorConnect local network lies in improper restrictions on path names to the restricted directory. This allows attackers to load arbitrary files with root privileges.
The vulnerability of software for monitoring, managing, and configuring VigorAP access points and VigorSwitches in the DrayTek VigorConnect local network lies in improper path name restrictions in the access-controlled directory. Exploiting this vulnerability allows an attacker to download...
VulnCheck KEV: CVE-2021-20124
Draytek VigorConnect contains a path traversal vulnerability in the file download functionality of the WebServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges...
Draytek VigorConnect Path Traversal Vulnerability
Draytek VigorConnect contains a path traversal vulnerability in the file download functionality of the WebServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges...
Draytek VigorConnect Path Traversal Vulnerability
Draytek VigorConnect contains a path traversal vulnerability in the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges...
VulnCheck KEV: CVE-2021-20123
Draytek VigorConnect contains a path traversal vulnerability in the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges...
Draytek VigorConnect Cross-Site Request Forgery (CVE-2021-20126)
A cross-site request forgery vulnerability exists in Draytek VigorConnect. A remote attacker can exploit this vulnerability by enticing a target authenticated user to visit a specially crafted page...
Draytek VigorConnect Arbitrary File Upload (CVE-2021-20125)
An arbitrary file upload vulnerability exists in Draytek VigorConnect. Successful exploitation of this vulnerability could allow an unauthenticated attacker to upload arbitrary files to the affected system...
Draytek VigorConnect Directory Traversal (CVE-2021-20123)
A directory traversal vulnerability exists in Draytek VigorConnect. Successful exploitation of this vulnerability could allow an attacker to access arbitrary files on the affected system...
Vulnerability fixed in Draytek VigorConnect
Draytek has fixed a vulnerability in VigorConnect, the management software for Draytek networking equipment. A unauthenticated malicious person could exploit the vulnerability to download arbitrary files from the vulnerable system and thus gather information about the underlying system. The...
Draytek VigorConnect Web UI Detection
Binary data draytekvigorconnect.nbin...
Draytek VigorConnect LFI (CVE-2021-20123)
Binary data draytekvigorconnectcve-2021-20123.nbin...
Draytek VigorConnect Directory Traversal (CVE-2021-20124)
A directory traversal vulnerability exists in Draytek VigorConnect. Successful exploitation of this vulnerability could allow an unauthenticated attacker to access arbitrary files on the affected system...
Draytek VigorConnect Arbitrary File Upload and Directory Traversal Vulnerability
VigorConnect is the local network management software for DrayTek devices.An arbitrary file upload and directory traversal vulnerability exists in the file upload functionality of the DownloadFileServlet in Draytek VigorConnect version 1.6.0-B3. An attacker could exploit the vulnerability to uplo...
Draytek VigorConnect Local File Inclusion Vulnerability (CNVD-2021-81961)
VigorConnect is the local network management software for DrayTek devices.A local file inclusion vulnerability exists in the file download function of the DownloadFileServlet endpoint of Draytek VigorConnect version 1.6.0-B3. An attacker could exploit this vulnerability to download arbitrary file...
Draytek VigorConnect Local File Inclusion Vulnerability
VigorConnect is the local network management software for DrayTek devices.A local file inclusion vulnerability exists in the file download functionality of the WebServlet endpoint of Draytek VigorConnect version 1.6.0-B3. An attacker could exploit this vulnerability to download arbitrary files fr...
Draytek VigorConnect Cross-Site Scripting Vulnerability
A stored cross-site scripting vulnerability exists in the Profile Name field of the Floor Plan Network Menu page in Draytek VigorConnect version 1.6.0-B3, the native network management software for DrayTek devices. The vulnerability stems from improper validation of user input. An attacker could...
Draytek VigorConnect Information Disclosure Vulnerability
VigorConnect is the local network management software for DrayTek devices.An information disclosure vulnerability exists in Draytek VigorConnect version 1.6.0-B3. An attacker could exploit this vulnerability to export system logs...
Draytek VigorConnect Arbitrary File Deletion Vulnerability
VigorConnect is the local network management software for DrayTek devices.An arbitrary file deletion vulnerability exists in the file deletion feature of the Html5Servlet endpoint in Draytek VigorConnect version 1.6.0-B3. An attacker could use the vulnerability to arbitrarily delete files anywher...
Draytek VigorConnect Cross-Site Request Forgery Vulnerability
VigorConnect is the native network management software for DrayTek devices.A cross-site request forgery vulnerability exists in Draytek VigorConnect version 1.6.0-B3. No details of the vulnerability are currently available...
CVE-2021-20129
An information disclosure vulnerability exists in Draytek VigorConnect 1.6.0-B3, allowing an unauthenticated attacker to export system logs...