AI Score
Confidence: Low

EPSS
Percentile: 97.6%

SSVC
Exploitation: active
Automatable: yes
Technical Impact: partial

A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.

[
  {
    "cpes": [
      "cpe:2.3:a:draytek:vigorconnect:1.6.0:beta3:*:*:*:*:*:*"
    ],
    "vendor": "draytek",
    "product": "vigorconnect",
    "versions": [
      {
        "status": "affected",
        "version": "1.6.0"
      }
    ],
    "defaultStatus": "unknown"
  }
]