6 matches found
Draytek VigorConnect Unauthenticated LFI (CVE-2021-20124)
Binary data draytekvigorconnectcve-2021-20124.nbin...
Draytek VigorConnect Directory Traversal (CVE-2021-20124)
A directory traversal vulnerability exists in Draytek VigorConnect. Successful exploitation of this vulnerability could allow an unauthenticated attacker to access arbitrary files on the affected system...
CVE-2021-20124
creationtimestamp| type| source ---|---|--- 2021-10-13 20:26:47+00:00| seen| https://t.me/cibsecurity/30518 2023-04-27 09:58:59+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-20124.yaml 2024-09-03 18:10:03+00:00| seen|...
CVE-2021-20124
A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the WebServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges...
CVE-2021-20124
A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the WebServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges...
CVE-2021-20124
Draytek VigorConnect 1.6.0-B3 is affected by an unauthenticated local file inclusion via the WebServlet file download endpoint. This allows arbitrary file download from the underlying OS (root privileges). Public advisories document a fix in VigorConnect 1.6.1; CISA/CIRCL/NCSC references corrobor...