A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.
CPE | Name | Operator | Version |
---|---|---|---|
vigorconnect | eq | 1.6.0 beta3 |