An arbitrary file deletion vulnerability exists in the file delete functionality of the Html5Servlet endpoint of Draytek VigorConnect 1.6.0-B3. This allows an authenticated user to arbitrarily delete files in any location on the target operating system with root privileges.
[
{
"product": "Draytek VigorConnect",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "1.6.0-B3"
}
]
}
]