| ID | CVSS | Severity | Attack vector | Vendor | Product | Description | CWE | CVE | Updated | Published |
|---|---|---|---|---|---|---|---|---|---|---|
| 195431 | 7.5 | HIGH | Network | draytek | vigorconnect | An information disclosure vulnerability exists in Draytek VigorConnect 1.6.0-B3, allowing an unauthenticated attacker to export system logs. | CWE-532: Inclusion of Sensitive Information in Log Files | CVE-2021-20129 | 2024-11-21 14:45 | 2021-10-14 |
| 195432 | 5.4 | MEDIUM | Network | draytek | vigorconnect | The Profile Name field in the floor plan (Network Menu) page in Draytek VigorConnect 1.6.0-B3 was found to be vulnerable to stored XSS, as user input is not properly sanitized. | CWE-79: Cross-site Scripting | CVE-2021-20128 | 2024-11-21 14:45 | 2021-10-14 |
| 195433 | 8.1 | HIGH | Network | draytek | vigorconnect | An arbitrary file deletion vulnerability exists in the file delete functionality of the Html5Servlet endpoint of Draytek VigorConnect 1.6.0-B3. This allows an authenticated user to arbitrarily delete… | NVD-CWE-noinfo | CVE-2021-20127 | 2024-11-21 14:45 | 2021-10-14 |
| 195434 | 8.8 | HIGH | Network | draytek | vigorconnect | Draytek VigorConnect 1.6.0-B3 lacks cross-site request forgery protections and does not sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who… | CWE-352: Origin Validation Error | CVE-2021-20126 | 2024-11-21 14:45 | 2021-10-14 |
| 195435 | 9.8 | CRITICAL | Network | draytek | vigorconnect | An arbitrary file upload and directory traversal vulnerability exists in the file upload functionality of DownloadFileServlet in Draytek VigorConnect 1.6.0-B3. An unauthenticated attacker could lever… | CWE-22: Path Traversal; CWE-434: Unrestricted Upload of File with Dangerous Type | CVE-2021-20125 | 2024-11-21 14:45 | 2021-10-14 |
| 195436 | 7.5 | HIGH | Network | draytek | vigorconnect | A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the WebServlet endpoint. An unauthenticated attacker could leverage this vulnerabili… | CWE-22: Path Traversal | CVE-2021-20124 | 2024-11-21 14:45 | 2021-10-14 |
| 195437 | 7.5 | HIGH | Network | draytek | vigorconnect | A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vu… | CWE-22: Path Traversal | CVE-2021-20123 | 2024-11-21 14:45 | 2021-10-14 |
| 195438 | 6.1 | MEDIUM | Network | sonicwall | sonicos | A Host Header Redirection vulnerability in SonicOS potentially allows a remote attacker to redirect firewall management users to arbitrary web domains. | CWE-601: Open Redirect | CVE-2021-20031 | 2024-11-21 14:45 | 2021-10-13 |
| 195439 | 7.2 | HIGH | Network | telus | prv65b444a-s-ts_firmware | The Telus Wi-Fi Hub (PRV65B444A-S-TS) with firmware version 3.00.20 is affected by an authenticated command injection vulnerability in multiple parameters passed to tr69_cmd.cgi. A remote attacker co… | CWE-78: OS Command | CVE-2021-20122 | 2024-11-21 14:45 | 2021-10-12 |
| 195440 | 4.0 | MEDIUM | Physical | telus | prv65b444a-s-ts_firmware | The Telus Wi-Fi Hub (PRV65B444A-S-TS) with firmware version 3.00.20 is vulnerable to an authenticated arbitrary file read. An authenticated user with physical access to the device can read arbitrary … | NVD-CWE-noinfo | CVE-2021-20121 | 2024-11-21 14:45 | 2021-10-12 |