CVE-2021-20124

A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the WebServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.
References
Link Resource
https://www.tenable.com/security/research/tra-2021-42 Exploit Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:draytek:vigorconnect:1.6.0:beta3:*:*:*:*:*:*

Information

Published : 2021-10-13 04:15

Updated : 2022-07-12 05:42


NVD link : CVE-2021-20124

Mitre link : CVE-2021-20124

Products Affected
No products.
CWE