Lucene search
K

The vulnerability of the DownloadFileServlet function in the software for monitoring, managing, and configuring VigorAP access points and VigorSwitches in the DrayTek VigorConnect local network allows a malicious actor to upload arbitrary files with root privileges.

🗓️ 23 Dec 2024 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType 
bdu_fstec
 bdu_fstec
🔗 bdu.fstec.ru👁 4 Views

The DownloadFileServlet in DrayTek VigorConnect can upload arbitrary files and download root files.

Related
Detection
Refs
ReporterTitlePublishedViews
Family
Circl
CVE-2021-20125
13 Oct 202120:26
circl
CNNVD
Draytek VigorConnect 代码问题漏洞
13 Oct 202100:00
cnnvd
CNVD
Draytek VigorConnect Arbitrary File Upload and Directory Traversal Vulnerability
14 Oct 202100:00
cnvd
Check Point Advisories
Draytek VigorConnect Arbitrary File Upload (CVE-2021-20125)
17 Nov 202100:00
checkpoint_advisories
CVE
CVE-2021-20125
13 Oct 202115:48
cve
Cvelist
CVE-2021-20125
13 Oct 202115:48
cvelist
EUVD
EUVD-2021-7582
3 Oct 202520:07
euvd
NVD
CVE-2021-20125
13 Oct 202116:15
nvd
Prion
Directory traversal
13 Oct 202116:15
prion
RedhatCVE
CVE-2021-20125
22 May 202519:06
redhatcve
Rows per page
Vulners
Node
draytekvigorconnectMatch1.6.0-b3

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

23 Dec 2024 00:00Current
7.7High risk
Vulners AI Score7.7
CVSS 39.8
CVSS 210
EPSS0.03823
4