Vulnerabilities > Draytek > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-13 | CVE-2021-20129 | Information Exposure Through Log Files vulnerability in Draytek Vigorconnect 1.6.0 An information disclosure vulnerability exists in Draytek VigorConnect 1.6.0-B3, allowing an unauthenticated attacker to export system logs. | 7.5 |
| 2020-12-31 | CVE-2020-19664 | OS Command Injection vulnerability in Draytek Vigor2960 Firmware 1.3.1/1.5.1 DrayTek Vigor2960 1.5.1 allows remote command execution via shell metacharacters in a toLogin2FA action to mainfunction.cgi. | 8.8 |
| 2020-04-15 | CVE-2020-3932 | Unspecified vulnerability in Draytek Vigorap 910C Firmware 1.3.1 A vulnerable SNMP in Draytek VigorAP910C cannot be disabled, which may cause information leakage. | 7.5 |
| 2018-03-07 | CVE-2017-11649 | Cross-Site Request Forgery (CSRF) vulnerability in Draytek Vigorap 910C Firmware 1.2.0 Cross-site request forgery (CSRF) vulnerability in DrayTek Vigor AP910C devices with firmware 1.2.0_RC3 build r6594 allows remote attackers to hijack the authentication of unspecified users for requests that enable SNMP on the remote device via vectors involving goform/setSnmp. | 8.8 |