VigorConnect is the local network management software for DrayTek devices.A local file inclusion vulnerability exists in the file download function of the DownloadFileServlet endpoint of Draytek VigorConnect version 1.6.0-B3. An attacker could exploit this vulnerability to download arbitrary files from the underlying operating system with root privileges.