CVE-2021-20124: Draytek VigorConnect Path Traversal Vulnerability . Draytek

Draytek VigorConnect Path Traversal Vulnerability . Draytek VigorConnect contains a path traversal vulnerability in the file download functionality of the WebServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.

• CISA KEV-listed (remediation due 2024-09-24)
• EPSS 93.6% (99.8% percentile)

Browse the CVE database

Read the full analysis on IntelFusions