The vulnerability of the DownloadFileServlet function in the software for monitoring, managing, and configuring VigorAP access points and VigorSwitches in the DrayTek VigorConnect local network allows a malicious actor to upload arbitrary files with root privileges.

The vulnerability of the DownloadFileServlet function in the software for monitoring, managing, and configuring VigorAP access points and VigorSwitches in the DrayTek VigorConnect local network is related to the unlimited download of dangerous types of files. Exploiting this vulnerability could...

Draytek VigorConnect 代码问题漏洞

VigorConnect is the local network management software for DrayTek devices.An arbitrary file upload and directory traversal vulnerability exists in the file upload functionality of the DownloadFileServlet in Draytek VigorConnect version 1.6.0-B3. An attacker could exploit the vulnerability to uplo...