CVE-2021-20126

HIGH

8.8

CVSS Severity Score

EPSS Score0.1930%

EPSS Percentile9.13th

PublishedOct 13, 2021

Last ModifiedNov 21, 2024

Vulnerability Description

Draytek VigorConnect 1.6.0-B3 lacks cross-site request forgery protections and does not sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

Affected Platforms (CPE)

📦

Draytek

Vigorconnect

= 1.6.0

References & Advisories

🔗 https://www.tenable.com/security/research/tra-2021-42

Related Vulnerabilities

CVE-2021-201259.8

An arbitrary file upload and directory traversal vulnerability exists in the file upload functionality of DownloadFileServlet in D...

CVE-2021-201278.1

An arbitrary file deletion vulnerability exists in the file delete functionality of the Html5Servlet endpoint of Draytek VigorConn...

CVE-2021-201237.5

A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the DownloadFil...

CVE-2021-201247.5

A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the WebServlet ...