CVE-2021-20123

HIGHCISA KEV

7.5

Beschreibung

A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.

CVE Details

CVSS v3.1 Bewertung7.5

SchweregradHIGH

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienNONE

BenutzerinteraktionNONE

Veroffentlicht10/13/2021

Zuletzt geandert11/3/2025

Quellekev

Honeypot-Sichtungen0

CISA KEV

HerstellerDrayTek

ProduktVigorConnect

SchwachstellennameDraytek VigorConnect Path Traversal Vulnerability

KEV Aufnahmedatum2024-09-03

Behebungsfrist2024-09-24

Ransomware-NutzungUnknown

Betroffene Produkte

draytek:vigorconnect

Schwachen (CWE)

CWE-22CWE-22

Referenzen

https://www.tenable.com/security/research/tra-2021-42(vulnreport@tenable.com)

https://www.tenable.com/security/research/tra-2021-42(af854a3a-2127-422b-91ae-364da2661108)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-20123(134c704f-9b21-4f2e-91b3-4a467353bcc0)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.