Every CVE whose affected-product data names Draytek Vigorconnect, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2021-20125 — CVSS 9.8 (critical): An arbitrary file upload and directory traversal vulnerability exists in the file upload functionality of DownloadFileServlet in Draytek…
CVE-2021-20126 — CVSS 8.8 (high): Draytek VigorConnect 1.6.0-B3 lacks cross-site request forgery protections and does not sufficiently verify whether a well-formed, valid…
CVE-2021-20127 — CVSS 8.1 (high): An arbitrary file deletion vulnerability exists in the file delete functionality of the Html5Servlet endpoint of Draytek VigorConnect…
CVE-2021-20129 — CVSS 7.5 (high): An information disclosure vulnerability exists in Draytek VigorConnect 1.6.0-B3, allowing an unauthenticated attacker to export system logs.
CVE-2021-20128 — CVSS 5.4 (medium): The Profile Name field in the floor plan (Network Menu) page in Draytek VigorConnect 1.6.0-B3 was found to be vulnerable to stored XSS, as…