
CVSS: 7.8 | EPSS: 49% | CPEs: 1 | EXPL: 1

A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the WebServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.

Draytek VigorConnect contains a path traversal vulnerability in the file download functionality of the WebServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.

• https://www.tenable.com/security/research/tra-2021-42
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 7.8 | EPSS: 49% | CPEs: 1 | EXPL: 1

A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.

Draytek VigorConnect contains a path traversal vulnerability in the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.

• https://www.tenable.com/security/research/tra-2021-42
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')