CVE-2021-20124
Draytek VigorConnect Path Traversal Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
YesDecision
Descriptions
A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the WebServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.
Se presenta una vulnerabilidad de inclusión de archivos locales en Draytek VigorConnect versión 1.6.0-B3, en la funcionalidad file download del endpoint WebServlet. Un atacante no autenticado podría aprovechar esta vulnerabilidad para descargar archivos arbitrarios desde el sistema operativo subyacente con privilegios de root
Draytek VigorConnect contains a path traversal vulnerability in the file download functionality of the WebServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.
CVSS Scores
SSVC
- Decision:Act
Timeline
- 2020-12-17 CVE Reserved
- 2021-10-13 CVE Published
- 2024-09-03 CVE Updated
- 2024-09-03 Exploited in Wild
- 2024-09-03 First Exploit
- 2024-09-04 EPSS Updated
- 2024-09-24 KEV Due Date
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.tenable.com/security/research/tra-2021-42 | 2024-09-03 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Draytek Search vendor "Draytek" | Vigorconnect Search vendor "Draytek" for product "Vigorconnect" | 1.6.0 Search vendor "Draytek" for product "Vigorconnect" and version "1.6.0" | beta3 |
Affected
| ||||||