Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
draytek vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2021-20125
An arbitrary file upload and directory traversal vulnerability exists in the file upload functionality of DownloadFileServlet in Draytek VigorConnect 1.6.0-B3. An unauthenticated attacker could leverage this vulnerability to upload files to any location on the target operating sy...
Draytek Vigorconnect 1.6.0
8.5
CVSSv2
CVE-2021-20127
An arbitrary file deletion vulnerability exists in the file delete functionality of the Html5Servlet endpoint of Draytek VigorConnect 1.6.0-B3. This allows an authenticated user to arbitrarily delete files in any location on the target operating system with root privileges.
Draytek Vigorconnect 1.6.0
NA
CVE-2023-1009
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in DrayTek Vigor 2960 1.5.1.4/1.5.1.5. Affected is the function sub_1DF14 of the file /cgi-bin/mainfunction.cgi of the component Web Management Interface. The manipulation of the argument option...
Draytek Vigor2960 Firmware 1.5.1.4
4.3
CVSSv2
CVE-2017-11650
Cross-site scripting (XSS) vulnerability in DrayTek Vigor AP910C devices with firmware 1.2.0_RC3 build r6594 allows remote malicious users to inject arbitrary web script or HTML via vectors involving home.asp.
Draytek Vigorap 910c Firmware 1.2.0
7.8
CVSSv2
CVE-2021-20123
A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with...
Draytek Vigorconnect 1.6.0
7.8
CVSSv2
CVE-2021-20124
A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the WebServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root pri...
Draytek Vigorconnect 1.6.0
6.8
CVSSv2
CVE-2021-20126
Draytek VigorConnect 1.6.0-B3 lacks cross-site request forgery protections and does not sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
Draytek Vigorconnect 1.6.0
3.5
CVSSv2
CVE-2021-20128
The Profile Name field in the floor plan (Network Menu) page in Draytek VigorConnect 1.6.0-B3 was found to be vulnerable to stored XSS, as user input is not properly sanitized.
Draytek Vigorconnect 1.6.0
4.3
CVSSv2
CVE-2018-20872
DrayTek routers prior to 2018-05-23 allow CSRF attacks to change DNS or DHCP settings, a related issue to CVE-2017-11649.
I-lan Draytekl Firmware
NA
CVE-2024-23721
A Directory Traversal issue exists in process_post on Draytek Vigor3910 4.3.2.5 devices. When sending a certain POST request, it calls the function and exports information.
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
encryption
CVE-2024-4331
CVE-2024-26925
arbitrary code
CVE-2006-4304
CVE-2024-25458
CVE-2024-27077
reflected XSS
CVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4