COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2021-20123

CVE-2021-20123

Severity
high · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2024-09-03
Reference
https://nvd.nist.gov/vuln/detail/CVE-2021-20123
⌖ exploited in the wild shame 50/100 exploited-in-wild

Draytek VigorConnect contains a path traversal vulnerability in the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.

Players implicated

DrayTek · vendorVigorConnect · product

Description

Draytek VigorConnect contains a path traversal vulnerability in the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.