Vulnerabilities > Draytek > High

DATE CVE VULNERABILITY TITLE RISK
2021-10-13 CVE-2021-20129 Information Exposure Through Log Files vulnerability in Draytek Vigorconnect 1.6.0
An information disclosure vulnerability exists in Draytek VigorConnect 1.6.0-B3, allowing an unauthenticated attacker to export system logs.
network
low complexity
draytek CWE-532
7.5
2020-12-31 CVE-2020-19664 OS Command Injection vulnerability in Draytek Vigor2960 Firmware 1.3.1
DrayTek Vigor2960 1.5.1 allows remote command execution via shell metacharacters in a toLogin2FA action to mainfunction.cgi.
network
low complexity
draytek CWE-78
8.8
2020-04-15 CVE-2020-3932 Unspecified vulnerability in Draytek Vigorap 910C Firmware 1.3.1
A vulnerable SNMP in Draytek VigorAP910C cannot be disabled, which may cause information leakage.
network
low complexity
draytek
7.5
2018-03-07 CVE-2017-11649 Cross-Site Request Forgery (CSRF) vulnerability in Draytek Vigorap 910C Firmware 1.2.0
Cross-site request forgery (CSRF) vulnerability in DrayTek Vigor AP910C devices with firmware 1.2.0_RC3 build r6594 allows remote attackers to hijack the authentication of unspecified users for requests that enable SNMP on the remote device via vectors involving goform/setSnmp.
network
low complexity
draytek CWE-352
8.8