Lucene search
K

87 matches found

BDU FSTEC
BDU FSTEC
added 2024/10/09 12:0 a.m.7 views

The vulnerability of software for monitoring, managing, and configuring VigorAP access points and VigorSwitches in the DrayTek VigorConnect local network lies in improper restrictions on path names to the restricted directory. This allows attackers to load arbitrary files with root privileges.

The vulnerability of software for monitoring, managing, and configuring VigorAP access points and VigorSwitches in the DrayTek VigorConnect local network lies in improper path name restrictions in the access-controlled directory. Exploiting this vulnerability allows an attacker to download...

7.8CVSS7.7AI score0.69248EPSS
Exploits1References6Affected Software1
VulnCheck KEV
VulnCheck KEV
added 2024/09/03 12:0 a.m.6 views

VulnCheck KEV: CVE-2021-20124

Draytek VigorConnect contains a path traversal vulnerability in the file download functionality of the WebServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges...

7.8CVSS7.3AI score0.69248EPSS
Exploits1References1
CISA KEV Catalog
CISA KEV Catalog
added 2024/09/03 12:0 a.m.36 views

Draytek VigorConnect Path Traversal Vulnerability

Draytek VigorConnect contains a path traversal vulnerability in the file download functionality of the WebServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges...

7.8CVSS6.9AI score0.69248EPSS
In wildExploits1
CISA KEV Catalog
CISA KEV Catalog
added 2024/09/03 12:0 a.m.27 views

Draytek VigorConnect Path Traversal Vulnerability

Draytek VigorConnect contains a path traversal vulnerability in the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges...

7.8CVSS6.9AI score0.74279EPSS
In wildExploits1
VulnCheck KEV
VulnCheck KEV
added 2024/07/30 12:0 a.m.4 views

VulnCheck KEV: CVE-2021-20123

Draytek VigorConnect contains a path traversal vulnerability in the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges...

7.8CVSS7.4AI score0.74279EPSS
Exploits1References1
Check Point Advisories
Check Point Advisories
added 2021/11/17 12:0 a.m.11 views

Draytek VigorConnect Cross-Site Request Forgery (CVE-2021-20126)

A cross-site request forgery vulnerability exists in Draytek VigorConnect. A remote attacker can exploit this vulnerability by enticing a target authenticated user to visit a specially crafted page...

6.8CVSS8.2AI score0.00612EPSS
Exploits1
Check Point Advisories
Check Point Advisories
added 2021/11/17 12:0 a.m.8 views

Draytek VigorConnect Arbitrary File Upload (CVE-2021-20125)

An arbitrary file upload vulnerability exists in Draytek VigorConnect. Successful exploitation of this vulnerability could allow an unauthenticated attacker to upload arbitrary files to the affected system...

10CVSS9.1AI score0.03823EPSS
Exploits1
Check Point Advisories
Check Point Advisories
added 2021/11/11 12:0 a.m.4 views

Draytek VigorConnect Directory Traversal (CVE-2021-20123)

A directory traversal vulnerability exists in Draytek VigorConnect. Successful exploitation of this vulnerability could allow an attacker to access arbitrary files on the affected system...

7.8CVSS7.2AI score0.74279EPSS
Exploits1
NCSC
NCSC
added 2021/11/09 12:0 a.m.4 views

Vulnerability fixed in Draytek VigorConnect

Draytek has fixed a vulnerability in VigorConnect, the management software for Draytek networking equipment. A unauthenticated malicious person could exploit the vulnerability to download arbitrary files from the vulnerable system and thus gather information about the underlying system. The...

7.8CVSS6.7AI score0.69248EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2021/11/08 12:0 a.m.13 views

Draytek VigorConnect Web UI Detection

Binary data draytekvigorconnect.nbin...

7.3AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2021/11/08 12:0 a.m.33 views

Draytek VigorConnect LFI (CVE-2021-20123)

Binary data draytekvigorconnectcve-2021-20123.nbin...

7.8CVSS7.7AI score0.74279EPSS
Exploits1References2
Check Point Advisories
Check Point Advisories
added 2021/11/07 12:0 a.m.15 views

Draytek VigorConnect Directory Traversal (CVE-2021-20124)

A directory traversal vulnerability exists in Draytek VigorConnect. Successful exploitation of this vulnerability could allow an unauthenticated attacker to access arbitrary files on the affected system...

7.8CVSS7.4AI score0.69248EPSS
Exploits1
CNVD
CNVD
added 2021/10/14 12:0 a.m.14 views

Draytek VigorConnect Arbitrary File Upload and Directory Traversal Vulnerability

VigorConnect is the local network management software for DrayTek devices.An arbitrary file upload and directory traversal vulnerability exists in the file upload functionality of the DownloadFileServlet in Draytek VigorConnect version 1.6.0-B3. An attacker could exploit the vulnerability to uplo...

10CVSS4.5AI score0.03823EPSS
Exploits1
CNVD
CNVD
added 2021/10/14 12:0 a.m.16 views

Draytek VigorConnect Local File Inclusion Vulnerability (CNVD-2021-81961)

VigorConnect is the local network management software for DrayTek devices.A local file inclusion vulnerability exists in the file download function of the DownloadFileServlet endpoint of Draytek VigorConnect version 1.6.0-B3. An attacker could exploit this vulnerability to download arbitrary file...

7.8CVSS4.4AI score0.74279EPSS
Exploits1
CNVD
CNVD
added 2021/10/14 12:0 a.m.16 views

Draytek VigorConnect Local File Inclusion Vulnerability

VigorConnect is the local network management software for DrayTek devices.A local file inclusion vulnerability exists in the file download functionality of the WebServlet endpoint of Draytek VigorConnect version 1.6.0-B3. An attacker could exploit this vulnerability to download arbitrary files fr...

7.8CVSS4.2AI score0.69248EPSS
Exploits1
CNVD
CNVD
added 2021/10/14 12:0 a.m.20 views

Draytek VigorConnect Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability exists in the Profile Name field of the Floor Plan Network Menu page in Draytek VigorConnect version 1.6.0-B3, the native network management software for DrayTek devices. The vulnerability stems from improper validation of user input. An attacker could...

3.5CVSS2.8AI score0.00551EPSS
Exploits1
CNVD
CNVD
added 2021/10/14 12:0 a.m.14 views

Draytek VigorConnect Information Disclosure Vulnerability

VigorConnect is the local network management software for DrayTek devices.An information disclosure vulnerability exists in Draytek VigorConnect version 1.6.0-B3. An attacker could exploit this vulnerability to export system logs...

5CVSS3AI score0.01644EPSS
Exploits1
CNVD
CNVD
added 2021/10/14 12:0 a.m.17 views

Draytek VigorConnect Arbitrary File Deletion Vulnerability

VigorConnect is the local network management software for DrayTek devices.An arbitrary file deletion vulnerability exists in the file deletion feature of the Html5Servlet endpoint in Draytek VigorConnect version 1.6.0-B3. An attacker could use the vulnerability to arbitrarily delete files anywher...

8.5CVSS4.7AI score0.01095EPSS
Exploits1
CNVD
CNVD
added 2021/10/14 12:0 a.m.15 views

Draytek VigorConnect Cross-Site Request Forgery Vulnerability

VigorConnect is the native network management software for DrayTek devices.A cross-site request forgery vulnerability exists in Draytek VigorConnect version 1.6.0-B3. No details of the vulnerability are currently available...

6.8CVSS3.9AI score0.00612EPSS
Exploits1
OSV
OSV
added 2021/10/13 4:15 p.m.6 views

CVE-2021-20129

An information disclosure vulnerability exists in Draytek VigorConnect 1.6.0-B3, allowing an unauthenticated attacker to export system logs...

7.5CVSS5.8AI score0.01644EPSS
Exploits1References1
Rows per page
Query Builder