CVE-2021-20123

CVSS 7.5 HIGHEPSS 74.3%● KEVCWE-22

In short

An unauthenticated attacker can download any file from a DrayTek VigorConnect server by exploiting a flaw in the file download feature, potentially exposing sensitive system files. This is critical because no login is required and the attacker gains access to files with the highest privilege level.

Technical detail

A path traversal vulnerability in DownloadFileServlet (CWE-22) allows unauthenticated remote attackers to bypass directory restrictions and retrieve arbitrary files with root-level permissions. The vulnerability stems from insufficient input validation in the file download mechanism, enabling an attacker to manipulate file paths and access sensitive system resources.

Summary generated and translated by AI from the official description.

A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

n/a · Draytek VigorConnect

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-20123 https://www.tenable.com/security/research/tra-2021-42