THREATOPS
THREAT OPSCVEs › CVE-2021-20123

CVE-2021-20123 — Draytek VigorConnect Path Traversal Vulnerability

CISA KEVExploited: confirmedDrayTek

Draytek VigorConnect contains a path traversal vulnerability in the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.

Vulnerability details