本ページは draytek vigorconnect に影響する公開済み CVE(NVD の CPE 経由で関連付け)を列挙します。各行に深刻度指標・概要・公開日が含まれます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2021-20129 | An information disclosure vulnerability exists in Draytek VigorConnect 1.6.0-B3, allowing an unauthenticated attacker to export system logs. | [email protected] | 7.5 | 1.48% | 2021-10-13 | 2024-11-21 |
| CVE-2021-20128 | The Profile Name field in the floor plan (Network Menu) page in Draytek VigorConnect 1.6.0-B3 was found to be vulnerable to stored XSS, as user input is not properly sanitized. | [email protected] | 5.4 | 0.19% | 2021-10-13 | 2024-11-21 |
| CVE-2021-20127 | An arbitrary file deletion vulnerability exists in the file delete functionality of the Html5Servlet endpoint of Draytek VigorConnect 1.6.0-B3. This allows an authenticated user to arbitrarily delete files in any location on the target operating system with root privileges. | [email protected] | 8.1 | 0.61% | 2021-10-13 | 2024-11-21 |
| CVE-2021-20126 | Draytek VigorConnect 1.6.0-B3 lacks cross-site request forgery protections and does not sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. | [email protected] | 8.8 | 0.10% | 2021-10-13 | 2024-11-21 |
| CVE-2021-20125 | An arbitrary file upload and directory traversal vulnerability exists in the file upload functionality of DownloadFileServlet in Draytek VigorConnect 1.6.0-B3. An unauthenticated attacker could leverage this vulnerability to upload files to any location on the target operating system with root privileges. | [email protected] | 9.8 | 3.22% | 2021-10-13 | 2024-11-21 |
| CVE-2021-20124 KEV | A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the WebServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges. | [email protected] | 7.5 | 93.56% | 2021-10-13 | 2025-11-03 |
| CVE-2021-20123 KEV | A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges. | [email protected] | 7.5 | 93.49% | 2021-10-13 | 2025-11-03 |