Podatność CVE-2021-20123


Publikacja: 2021-10-13

Opis:
A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.

 Referencje:
https://www.tenable.com/security/research/tra-2021-42

Copyright 2021, cxsecurity.com

 

Back to Top