CVE-2021-20127

HIGH

8.1

CVSS Severity Score

EPSS Score0.1500%

EPSS Percentile35.32th

PublishedOct 13, 2021

Last ModifiedNov 21, 2024

Vulnerability Description

An arbitrary file deletion vulnerability exists in the file delete functionality of the Html5Servlet endpoint of Draytek VigorConnect 1.6.0-B3. This allows an authenticated user to arbitrarily delete files in any location on the target operating system with root privileges.

Affected Platforms (CPE)

📦

Draytek

Vigorconnect

= 1.6.0

References & Advisories

🔗 https://www.tenable.com/security/research/tra-2021-42

Related Vulnerabilities

CVE-2021-201259.8

An arbitrary file upload and directory traversal vulnerability exists in the file upload functionality of DownloadFileServlet in D...

CVE-2021-201268.8

Draytek VigorConnect 1.6.0-B3 lacks cross-site request forgery protections and does not sufficiently verify whether a well-formed,...

CVE-2021-201237.5

A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the DownloadFil...

CVE-2021-201247.5

A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the WebServlet ...