CVE-2021-20123: Draytek VigorConnect Path Traversal Vulnerability . Draytek

Draytek VigorConnect Path Traversal Vulnerability . Draytek VigorConnect contains a path traversal vulnerability in the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.

• CISA KEV-listed (remediation due 2024-09-24)
• EPSS 93.5% (99.8% percentile)

Browse the CVE database

Read the full analysis on IntelFusions