← Voltar para CVEs
CVE-2021-20124
HIGHCISA KEV7.5
Descricao
A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the WebServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.
Detalhes CVE
Pontuacao CVSS v3.17.5
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado10/13/2021
Ultima modificacao11/3/2025
Fontekev
Avistamentos honeypot0
CISA KEV
FornecedorDrayTek
ProdutoVigorConnect
Nome da vulnerabilidadeDraytek VigorConnect Path Traversal Vulnerability
Data inclusao KEV2024-09-03
Prazo de remediacao2024-09-24
Uso em ransomwareUnknown
Produtos afetados
draytek:vigorconnect
Fraquezas (CWE)
CWE-22CWE-22
Referencias
https://www.tenable.com/security/research/tra-2021-42(vulnreport@tenable.com)
https://www.tenable.com/security/research/tra-2021-42(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-20124(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.