CVE-2021-20123CISA KEV: Actively Exploited

Draytek VigorConnect Path Traversal Vulnerability

Published Sep 3, 2024·Updated Sep 3, 2024

Description

Draytek VigorConnect contains a path traversal vulnerability in the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.

References

View on NVD Search GitHub Search Google

Get alerted for CVEs like this

Register your stack and get notified within minutes when a matching CVE drops.

Start monitoring free