CyberSec.Space Logo
返回 CVE 浏览器

CVE-2021-20123

Known Exploited (CISA KEV)HIGH
7.5
CVSS Severity Score
EPSS Score79.1710%
EPSS Percentile90.67th
Published2021年10月13日
Last Modified2025年11月3日

Vulnerability Description

A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.

Affected Platforms (CPE)

📦
Draytek

Vigorconnect

= 1.6.0

References & Advisories

🔗 https://www.tenable.com/security/research/tra-2021-42
🔗 https://www.tenable.com/security/research/tra-2021-42
🔗 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-20123

相关漏洞威胁

CVE-2021-201259.8

An arbitrary file upload and directory traversal vulnerability exists in the file upload functionality of DownloadFileServlet in D...

CVE-2021-201268.8

Draytek VigorConnect 1.6.0-B3 lacks cross-site request forgery protections and does not sufficiently verify whether a well-formed,...

CVE-2021-201278.1

An arbitrary file deletion vulnerability exists in the file delete functionality of the Html5Servlet endpoint of Draytek VigorConn...

CVE-2021-201247.5

A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the WebServlet ...