RSS   Vulnerabilities for 'Vigorconnect'   RSS

2021-10-13
 
CVE-2021-20123

CWE-668
 

 
A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.

 
 
CVE-2021-20124

CWE-668
 

 
A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the WebServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.

 
 
CVE-2021-20125

CWE-22
 

 
An arbitrary file upload and directory traversal vulnerability exists in the file upload functionality of DownloadFileServlet in Draytek VigorConnect 1.6.0-B3. An unauthenticated attacker could leverage this vulnerability to upload files to any location on the target operating system with root privileges.

 
 
CVE-2021-20126

CWE-352
 

 
Draytek VigorConnect 1.6.0-B3 lacks cross-site request forgery protections and does not sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

 
 
CVE-2021-20127

NVD-CWE-noinfo
 

 
An arbitrary file deletion vulnerability exists in the file delete functionality of the Html5Servlet endpoint of Draytek VigorConnect 1.6.0-B3. This allows an authenticated user to arbitrarily delete files in any location on the target operating system with root privileges.

 
 
CVE-2021-20128

CWE-79
 

 
The Profile Name field in the floor plan (Network Menu) page in Draytek VigorConnect 1.6.0-B3 was found to be vulnerable to stored XSS, as user input is not properly sanitized.

 
 
CVE-2021-20129

CWE-532
 

 
An information disclosure vulnerability exists in Draytek VigorConnect 1.6.0-B3, allowing an unauthenticated attacker to export system logs.

 

 >>> Vendor: Draytek 5 Products
Vigor 2700 router
Vigor 2700 router firmware
Ap910c firmware
Vigor2925 firmware
Vigorconnect


Copyright 2021, cxsecurity.com

 

Back to Top