Lucene search
TenableVULNRICHMENT:CVE-2021-20123HistoryOct 13, 2021 - 3:47 p.m.
CVE-2021-20123
2021-10-1315:47:58
tenable
github.com
6
cve-2021-20123
draytek vigorconnect
file download functionality
downloadfileservlet endpoint
unauthenticated attacker
arbitrary files
root privileges
AI Score
6.7
Confidence
Low
EPSS
0.494
Percentile
97.6%
SSVC
Exploitation
active
Automatable
yes
Technical Impact
partial
A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.
ADP Affected
[
{
"cpes": [
"cpe:2.3:a:draytek:vigorconnect:1.6.0:beta3:*:*:*:*:*:*"
],
"vendor": "draytek",
"product": "vigorconnect",
"versions": [
{
"status": "affected",
"version": "1.6.0"
}
],
"defaultStatus": "unknown"
}
]Related
nessus
nessus
Draytek VigorConnect LFI (CVE-2021-20123)
2021-11-08 00:00:00
checkpoint_advisories
checkpoint_advisories
Draytek VigorConnect Directory Traversal (CVE-2021-20123)
2021-11-11 00:00:00
nuclei
nuclei
Draytek VigorConnect 1.6.0-B - Local File Inclusion
2022-05-13 09:07:21
cvelist
cvelist
CVE-2021-20123
2021-10-13 15:47:58
cve
cve
CVE-2021-20123
2021-10-13 16:15:07
prion
prion
Remote file inclusion
2021-10-13 16:15:00
cnvd
cnvd
Draytek VigorConnect Local File Inclusion Vulnerability (CNVD-2021-81961)
2021-10-14 00:00:00
attackerkb
attackerkb
CVE-2021-20123
2021-10-13 00:00:00
cisa_kev
cisa_kev
Draytek VigorConnect Path Traversal Vulnerability
2024-09-03 00:00:00
nvd
nvd
CVE-2021-20123
2021-10-13 16:15:07
thn
thn
AI Score
6.7
Confidence
Low
EPSS
0.494
Percentile
97.6%
SSVC
Exploitation
active
Automatable
yes
Technical Impact
partial
Related for VULNRICHMENT:CVE-2021-20123