VigorConnect is the local network management software for DrayTek devices.An arbitrary file deletion vulnerability exists in the file deletion feature of the Html5Servlet endpoint in Draytek VigorConnect version 1.6.0-B3. An attacker could use the vulnerability to arbitrarily delete files anywhere on the target operating system with root privileges.