CVE-2021-20123
HIGH | CISA KEV | 7.5
Description
A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.
CVE Details
CVSS v3.1 score: 7.5
Severity: HIGH
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 10/13/2021
Last modified: 11/3/2025
Source: kev
Honeypot sightings: 0
CISA KEV
Vendor: DrayTek
Product: VigorConnect
Vulnerability name: Draytek VigorConnect Path Traversal Vulnerability
Date added to KEV: 2024-09-03
Remediation due date: 2024-09-24
Ransomware use: Unknown
Affected products
draytek:vigorconnect
Weaknesses (CWE)
CWE-22
References
https://www.tenable.com/security/research/tra-2021-42 (vulnreport@tenable.com)
https://www.tenable.com/security/research/tra-2021-42 (af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-20123 (134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.