CVE-2021-20125

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.0670%

EPSS Percentile29.46th

PublishedOct 13, 2021

Last ModifiedNov 21, 2024

Vulnerability Description

An arbitrary file upload and directory traversal vulnerability exists in the file upload functionality of DownloadFileServlet in Draytek VigorConnect 1.6.0-B3. An unauthenticated attacker could leverage this vulnerability to upload files to any location on the target operating system with root privileges.

Affected Platforms (CPE)

📦

Draytek

Vigorconnect

= 1.6.0

References & Advisories

🔗 https://www.tenable.com/security/research/tra-2021-42

Vulnerability Description

Affected Platforms (CPE)

Vigorconnect

References & Advisories

Related Vulnerabilities