CVE-2021-20124
Draytek VigorConnect Path Traversal Vulnerability
⚠ KEVEPSS 93.6%
Description
Draytek VigorConnect contains a path traversal vulnerability in the file download functionality of the WebServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.
How to fix CVE-2021-20124
No package mapping is available — consult the references below for vendor-specific guidance.
Is CVE-2021-20124 being exploited?
Yes — CVE-2021-20124 is on the CISA Known Exploited Vulnerabilities (KEV) catalog. Patch immediately.
Affected packages (0)
No package mapping in OSV.