7 matches found
CVE-2021-20123
Draytek VigorConnect 1.6.0-B3 exposes a local file inclusion flaw in the DownloadFileServlet, allowing an unauthenticated attacker to download arbitrary files from the host with root privileges. Affected component: DownloadFileServlet/file download functionality. Root-cause: LFI in the file downl...
CVE-2021-20124
Draytek VigorConnect 1.6.0-B3 is affected by an unauthenticated local file inclusion via the WebServlet file download endpoint. This allows arbitrary file download from the underlying OS (root privileges). Public advisories document a fix in VigorConnect 1.6.1; CISA/CIRCL/NCSC references corrobor...
CVE-2021-20125
CVE-2021-20125 affects Draytek VigorConnect 1.6.0-B3. The vulnerability exists in the DownloadFileServlet’s file-upload functionality, enabling an unauthenticated attacker to upload arbitrary files and perform directory traversal to places on the target OS with root privileges. This is documented...
CVE-2021-20128
The CVE-2021-20128 vulnerability affects DrayTek VigorConnect 1.6.0-B3, specifically the Profile Name field in the floor plan (Network Menu) page. It is a stored XSS flaw caused by improper sanitization of user input in that field. The exploit would rely on injecting malicious script via the Prof...
CVE-2021-20126
Draytek VigorConnect 1.6.0-B3 is affected by a cross-site request forgery vulnerability due to missing protections and insufficient verification that requests are intentional from the authenticated user. The available sources describe the issue and impacted version but do not provide exploit deta...
CVE-2021-20127
CVE-2021-20127 affects DrayTek VigorConnect (version 1.6.0-B3) via the Html5Servlet endpoint’s file deletion feature. An authenticated user can arbitrarily delete files anywhere on the target OS with root privileges, enabling high-impact disruption and potential data loss. The vulnerability stems...
CVE-2021-20129
CVE-2021-20129 affects Draytek VigorConnect 1.6.0-B3. An unauthenticated attacker can export system logs via network exposure (information disclosure). Other connected sources also describe a local file inclusion risk in related endpoints (WebServlet/DownloadFileServlet) on the same version, enab...