The vulnerability of the DownloadFileServlet function in the software for monitoring, managing, and configuring VigorAP access points and VigorSwitches in the DrayTek VigorConnect local network allows a malicious actor to upload arbitrary files with root privileges.

The vulnerability of the DownloadFileServlet function in the software for monitoring, managing, and configuring VigorAP access points and VigorSwitches in the DrayTek VigorConnect local network is related to the unlimited download of dangerous types of files. Exploiting this vulnerability could...

Draytek VigorConnect Path Traversal Vulnerability

Draytek VigorConnect contains a path traversal vulnerability in the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges...

Draytek VigorConnect Local File Inclusion Vulnerability (CNVD-2021-81961)

VigorConnect is the local network management software for DrayTek devices.A local file inclusion vulnerability exists in the file download function of the DownloadFileServlet endpoint of Draytek VigorConnect version 1.6.0-B3. An attacker could exploit this vulnerability to download arbitrary file...

CVE-2021-20123

A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges...

Remote file inclusion

A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges...

CVE-2021-20123

A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges...

CVE-2021-20123

A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges...

Draytek VigorConnect 代码问题漏洞

VigorConnect is the local network management software for DrayTek devices.An arbitrary file upload and directory traversal vulnerability exists in the file upload functionality of the DownloadFileServlet in Draytek VigorConnect version 1.6.0-B3. An attacker could exploit the vulnerability to uplo...

CVE-2021-20123

A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges...

SolarWinds Firewall Security Manager FSMWebService Information Disclosure Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SolarWinds Firewall Security Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the FSMWebService service. The issue lies within the...