CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2021-20125

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0670%
EPSS Percentile29.46th
Published2021年10月13日
Last Modified2024年11月21日

Vulnerability Description

An arbitrary file upload and directory traversal vulnerability exists in the file upload functionality of DownloadFileServlet in Draytek VigorConnect 1.6.0-B3. An unauthenticated attacker could leverage this vulnerability to upload files to any location on the target operating system with root privileges.

Affected Platforms (CPE)

📦
Draytek

Vigorconnect

= 1.6.0

References & Advisories

🔗 https://www.tenable.com/security/research/tra-2021-42
🔗 https://www.tenable.com/security/research/tra-2021-42

相關漏洞威脅

CVE-2021-201268.8

Draytek VigorConnect 1.6.0-B3 lacks cross-site request forgery protections and does not sufficiently verify whether a well-formed,...

CVE-2021-201278.1

An arbitrary file deletion vulnerability exists in the file delete functionality of the Html5Servlet endpoint of Draytek VigorConn...

CVE-2021-201237.5

A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the DownloadFil...

CVE-2021-201247.5

A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the WebServlet ...