COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2021-20124

CVE-2021-20124

Severity
high · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2024-09-03
Reference
https://nvd.nist.gov/vuln/detail/CVE-2021-20124
⌖ exploited in the wild shame 50/100 exploited-in-wild

Draytek VigorConnect contains a path traversal vulnerability in the file download functionality of the WebServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.

Players implicated

DrayTek · vendorVigorConnect · product

Description

Draytek VigorConnect contains a path traversal vulnerability in the file download functionality of the WebServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.