GCVE - cpe:2.3:a:n/a:draytek_vigorconnect:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:n/a:draytek_vigorconnect:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	N/A (`22f567d3-1203-528c-8f0e-3eb9c2f6ca78`)
Product	Draytek Vigorconnect (`22ab6ca2-0c56-5f88-b802-769a41e44f7b`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2021-20129`	vulnerable	2026-06-08 05:29:08.566509	Details available An information disclosure vulnerability exists in Draytek VigorConnect 1.6.0-B3, allowing an unauthenticated attacker to export system logs. Published: 2021-10-13T15:49:35.000Z Updated: 2024-08-03T17:30:07.422Z Open on db.gcve.eu Reference links https://www.tenable.com/security/research/tra-2021-42	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-20128`	vulnerable	2026-06-08 05:29:08.566243	Details available The Profile Name field in the floor plan (Network Menu) page in Draytek VigorConnect 1.6.0-B3 was found to be vulnerable to stored XSS, as user input is not properly sanitized. Published: 2021-10-13T15:49:30.000Z Updated: 2024-08-03T17:30:07.492Z Open on db.gcve.eu Reference links https://www.tenable.com/security/research/tra-2021-42	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-20127`	vulnerable	2026-06-08 05:29:08.565966	Details available An arbitrary file deletion vulnerability exists in the file delete functionality of the Html5Servlet endpoint of Draytek VigorConnect 1.6.0-B3. This allows an authenticated user to arbitrarily delete files in any location on the target operating system with root privileges. Published: 2021-10-13T15:49:25.000Z Updated: 2024-08-03T17:30:07.367Z Open on db.gcve.eu Reference links https://www.tenable.com/security/research/tra-2021-42	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-20126`	vulnerable	2026-06-08 05:29:08.565696	Details available Draytek VigorConnect 1.6.0-B3 lacks cross-site request forgery protections and does not sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. Published: 2021-10-13T15:48:15.000Z Updated: 2024-08-03T17:30:07.598Z Open on db.gcve.eu Reference links https://www.tenable.com/security/research/tra-2021-42	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-20125`	vulnerable	2026-06-08 05:29:08.565416	Details available An arbitrary file upload and directory traversal vulnerability exists in the file upload functionality of DownloadFileServlet in Draytek VigorConnect 1.6.0-B3. An unauthenticated attacker could leverage this vulnerability to upload files to any location on the target operating system with root privileges. Published: 2021-10-13T15:48:08.000Z Updated: 2024-08-03T17:30:07.504Z Open on db.gcve.eu Reference links https://www.tenable.com/security/research/tra-2021-42	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-20124`	vulnerable	2026-06-08 05:29:08.565127	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-20123`	vulnerable	2026-06-08 05:29:08.564541	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.