3 matches found
Draytek VigorConnect Arbitrary File Upload (CVE-2021-20125)
An arbitrary file upload vulnerability exists in Draytek VigorConnect. Successful exploitation of this vulnerability could allow an unauthenticated attacker to upload arbitrary files to the affected system...
CVE-2021-20125
CVE-2021-20125 affects Draytek VigorConnect 1.6.0-B3. The vulnerability exists in the DownloadFileServlet’s file-upload functionality, enabling an unauthenticated attacker to upload arbitrary files and perform directory traversal to places on the target OS with root privileges. This is documented...
CVE-2021-20125
An arbitrary file upload and directory traversal vulnerability exists in the file upload functionality of DownloadFileServlet in Draytek VigorConnect 1.6.0-B3. An unauthenticated attacker could leverage this vulnerability to upload files to any location on the target operating system with root...