Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
draytek vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2020-19664
DrayTek Vigor2960 1.5.1 allows remote command execution via shell metacharacters in a toLogin2FA action to mainfunction.cgi.
Draytek Vigor2960 Firmware
1 Github repository
7.5
CVSSv3
CVE-2021-20123
A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with...
Draytek Vigorconnect 1.6.0
7.5
CVSSv3
CVE-2021-20124
A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the WebServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root pri...
Draytek Vigorconnect 1.6.0
9.8
CVSSv3
CVE-2021-20125
An arbitrary file upload and directory traversal vulnerability exists in the file upload functionality of DownloadFileServlet in Draytek VigorConnect 1.6.0-B3. An unauthenticated attacker could leverage this vulnerability to upload files to any location on the target operating sy...
Draytek Vigorconnect 1.6.0
8.8
CVSSv3
CVE-2021-20126
Draytek VigorConnect 1.6.0-B3 lacks cross-site request forgery protections and does not sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
Draytek Vigorconnect 1.6.0
8.1
CVSSv3
CVE-2021-20127
An arbitrary file deletion vulnerability exists in the file delete functionality of the Html5Servlet endpoint of Draytek VigorConnect 1.6.0-B3. This allows an authenticated user to arbitrarily delete files in any location on the target operating system with root privileges.
Draytek Vigorconnect 1.6.0
7.5
CVSSv3
CVE-2021-20129
An information disclosure vulnerability exists in Draytek VigorConnect 1.6.0-B3, allowing an unauthenticated malicious user to export system logs.
Draytek Vigorconnect 1.6.0
7.5
CVSSv3
CVE-2020-3932
A vulnerable SNMP in Draytek VigorAP910C cannot be disabled, which may cause information leakage.
Draytek Vigorap 910c Firmware 1.3.1
5.4
CVSSv3
CVE-2021-20128
The Profile Name field in the floor plan (Network Menu) page in Draytek VigorConnect 1.6.0-B3 was found to be vulnerable to stored XSS, as user input is not properly sanitized.
Draytek Vigorconnect 1.6.0
9.8
CVSSv3
CVE-2023-47254
An OS Command Injection in the CLI interface on DrayTek Vigor167 version 5.2.2, allows remote malicious users to execute arbitrary system commands and escalate privileges via any account created within the web interface.
Draytek Vigor167 Firmware 5.2.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581
reflected XSS
CVE-2024-26925
CVE-2024-27956
LFI
CVE-2024-3607
CVE-2024-3107
CVE-2024-3295
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »