CVE-2021-20123
Draytek VigorConnect Path Traversal Vulnerability
CVSS
—
Sin CVSS
EPSS
74.3%
p99
KEV
SÍ
3 sept 2024
Exploit Today
80
0-100
Publicado: — · Última mod.: —
Producto
DrayTek / VigorConnect
Vulnerabilidad
Draytek VigorConnect Path Traversal Vulnerability
Añadido a KEV
3 sept 2024
Remediar antes de
24 sept 2024
Uso conocido en ransomware
No
Descripción resumida
Draytek VigorConnect contains a path traversal vulnerability in the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.
Acción requerida
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notas
https://www.draytek.com/about/security-advisory/vigorconnect-software-security-vulnerability-(cve-2021-20123-cve-2021-20129); https://nvd.nist.gov/vuln/detail/CVE-2021-20123