CVE-2021-20124

HIGH KEV NUCLEI

Draytek Vigorconnect - Path Traversal

Description

A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the WebServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.

Nuclei Templates (1)

Draytek VigorConnect 6.0-B3 - Local File Inclusion
HIGH VERIFIED by 0x_Akoko
Shodan: http.html:"VigorConnect" || http.html:"vigorconnect"
FOFA: body="vigorconnect"

Scores

CVSS v3 7.5
EPSS 0.9406
EPSS Percentile 99.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CISA KEV 2024-09-03
VulnCheck KEV 2024-09-03
InTheWild.io 2024-09-03
ENISA EUVD EUVD-2021-7581
CWE CWE-22
Status published
Products (1)
draytek/vigorconnect 1.6.0 beta3
Published Oct 13, 2021
KEV Added Sep 03, 2024
Tracked Since Feb 18, 2026