CVE-2021-20124

A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the WebServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.
References
Link Resource
https://www.tenable.com/security/research/tra-2021-42 Exploit Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:draytek:vigorconnect:1.6.0:beta3:*:*:*:*:*:*

Information

Published : 2021-10-13 09:15

Updated : 2022-07-12 10:42


NVD link : CVE-2021-20124

Mitre link : CVE-2021-20124


JSON object : View

CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Advertisement

dedicated server usa

Products Affected

draytek

  • vigorconnect