THREAT OPS › CVEs › CVE-2021-20123
CVE-2021-20123 — Draytek VigorConnect Path Traversal Vulnerability
Draytek VigorConnect contains a path traversal vulnerability in the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.
Vulnerability details
- Affected productsVigorConnect
- KEV remediation due2024-09-24