Security Advisory

CVE-2021-20124

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-10-13 15:48:03

Last updated 2025-10-21 23:25:28

Assigner tenable

State PUBLISHED

Description

A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the WebServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.

← Browse all CVEs View on cve.org ↗