Lucene search
+L

87 matches found

osv
osv
added 2021/10/13 4:15 p.m.3 views

CVE-2021-20125

An arbitrary file upload and directory traversal vulnerability exists in the file upload functionality of DownloadFileServlet in Draytek VigorConnect 1.6.0-B3. An unauthenticated attacker could leverage this vulnerability to upload files to any location on the target operating system with root...

9.8CVSS5.9AI score0.03823EPSS
Exploits1References1
osv
osv
added 2021/10/13 4:15 p.m.3 views

CVE-2021-20124

A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the WebServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges...

7.5CVSS7.5AI score0.69248EPSS
Exploits1References2
nvd
nvd
added 2021/10/13 4:15 p.m.21 views

CVE-2021-20126

Draytek VigorConnect 1.6.0-B3 lacks cross-site request forgery protections and does not sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request...

8.8CVSS0.00612EPSS
Exploits1References1
nvd
nvd
added 2021/10/13 4:15 p.m.16 views

CVE-2021-20124

A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the WebServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges...

7.8CVSS0.69248EPSS
Exploits1References2
osv
osv
added 2021/10/13 4:15 p.m.6 views

CVE-2021-20127

An arbitrary file deletion vulnerability exists in the file delete functionality of the Html5Servlet endpoint of Draytek VigorConnect 1.6.0-B3. This allows an authenticated user to arbitrarily delete files in any location on the target operating system with root privileges...

8.1CVSS5.9AI score0.01095EPSS
Exploits1References1
osv
osv
added 2021/10/13 4:15 p.m.7 views

CVE-2021-20129

An information disclosure vulnerability exists in Draytek VigorConnect 1.6.0-B3, allowing an unauthenticated attacker to export system logs...

7.5CVSS5.8AI score0.01644EPSS
Exploits1References1
nvd
nvd
added 2021/10/13 4:15 p.m.19 views

CVE-2021-20127

An arbitrary file deletion vulnerability exists in the file delete functionality of the Html5Servlet endpoint of Draytek VigorConnect 1.6.0-B3. This allows an authenticated user to arbitrarily delete files in any location on the target operating system with root privileges...

8.5CVSS0.01095EPSS
Exploits1References1
osv
osv
added 2021/10/13 4:15 p.m.2 views

CVE-2021-20123

A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges...

7.5CVSS7.5AI score0.74279EPSS
Exploits1References2
osv
osv
added 2021/10/13 4:15 p.m.5 views

CVE-2021-20128

The Profile Name field in the floor plan Network Menu page in Draytek VigorConnect 1.6.0-B3 was found to be vulnerable to stored XSS, as user input is not properly sanitized...

5.4CVSS5.7AI score0.00551EPSS
Exploits1References1
osv
osv
added 2021/10/13 4:15 p.m.5 views

CVE-2021-20126

Draytek VigorConnect 1.6.0-B3 lacks cross-site request forgery protections and does not sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request...

8.8CVSS5.7AI score0.00612EPSS
Exploits1References1
nvd
nvd
added 2021/10/13 4:15 p.m.23 views

CVE-2021-20128

The Profile Name field in the floor plan Network Menu page in Draytek VigorConnect 1.6.0-B3 was found to be vulnerable to stored XSS, as user input is not properly sanitized...

5.4CVSS0.00551EPSS
Exploits1References1
nvd
nvd
added 2021/10/13 4:15 p.m.20 views

CVE-2021-20125

An arbitrary file upload and directory traversal vulnerability exists in the file upload functionality of DownloadFileServlet in Draytek VigorConnect 1.6.0-B3. An unauthenticated attacker could leverage this vulnerability to upload files to any location on the target operating system with root...

10CVSS0.03823EPSS
Exploits1References1
nvd
nvd
added 2021/10/13 4:15 p.m.19 views

CVE-2021-20123

A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges...

7.8CVSS0.74279EPSS
Exploits1References2
prion
prion
added 2021/10/13 4:15 p.m.15 views

Remote file inclusion

A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges...

7.8CVSS7.4AI score0.74279EPSS
Exploits1References1Affected Software1
prion
prion
added 2021/10/13 4:15 p.m.11 views

Directory traversal

An arbitrary file upload and directory traversal vulnerability exists in the file upload functionality of DownloadFileServlet in Draytek VigorConnect 1.6.0-B3. An unauthenticated attacker could leverage this vulnerability to upload files to any location on the target operating system with root...

10CVSS9.4AI score0.03823EPSS
Exploits1References1Affected Software1
prion
prion
added 2021/10/13 4:15 p.m.17 views

Remote file inclusion

A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the WebServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges...

7.8CVSS7.4AI score0.69248EPSS
Exploits1References1Affected Software1
prion
prion
added 2021/10/13 4:15 p.m.14 views

Design/Logic Flaw

The Profile Name field in the floor plan Network Menu page in Draytek VigorConnect 1.6.0-B3 was found to be vulnerable to stored XSS, as user input is not properly sanitized...

3.5CVSS5.4AI score0.00551EPSS
Exploits1References1Affected Software1
prion
prion
added 2021/10/13 4:15 p.m.14 views

Arbitrary file deletion

An arbitrary file deletion vulnerability exists in the file delete functionality of the Html5Servlet endpoint of Draytek VigorConnect 1.6.0-B3. This allows an authenticated user to arbitrarily delete files in any location on the target operating system with root privileges...

8.5CVSS7.9AI score0.01095EPSS
Exploits1References1Affected Software1
prion
prion
added 2021/10/13 4:15 p.m.20 views

Information disclosure

An information disclosure vulnerability exists in Draytek VigorConnect 1.6.0-B3, allowing an unauthenticated attacker to export system logs...

5CVSS7.2AI score0.01644EPSS
Exploits1References1Affected Software1
prion
prion
added 2021/10/13 4:15 p.m.14 views

Cross site request forgery (csrf)

Draytek VigorConnect 1.6.0-B3 lacks cross-site request forgery protections and does not sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request...

6.8CVSS8.6AI score0.00612EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder