CVE-2021-20123

A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.
References
Link Resource
https://www.tenable.com/security/research/tra-2021-42 Exploit Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:draytek:vigorconnect:1.6.0:beta3:*:*:*:*:*:*

Information

Published : 2021-10-13 04:15

Updated : 2022-07-12 05:42


NVD link : CVE-2021-20123

Mitre link : CVE-2021-20123

Products Affected
No products.
CWE