Vulnerabilities > Draytek > Vigorconnect > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-13 | CVE-2021-20126 | Cross-Site Request Forgery (CSRF) vulnerability in Draytek Vigorconnect 1.6.0 Draytek VigorConnect 1.6.0-B3 lacks cross-site request forgery protections and does not sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. | 6.8 |
| 2021-10-13 | CVE-2021-20129 | Information Exposure Through Log Files vulnerability in Draytek Vigorconnect 1.6.0 An information disclosure vulnerability exists in Draytek VigorConnect 1.6.0-B3, allowing an unauthenticated attacker to export system logs. | 5.0 |