Draytek VigorConnect routers present local file inclusion vulnerabilities (CVE-2021-20123, CVE-2021-20124), which allow unauthenticated attackers to download sensitive system files with root privileges. These vulnerabilities pose a serious risk of data breach and system compromise and are actively being exploited in real-world environments.
| Product | vigorconnect |
| Date | 2024-09-11 09:23:36 |
Technical summary
Draytek VigorConnect routers are vulnerable to local file inclusion exploits (CVE-2021-20123, CVE-2021-20124), which allow unauthenticated attackers to download sensitive system files with root privileges. These vulnerabilities entail serious risks of data breach and system compromise and are actively being exploited in real-world environments.
[Callforaction-THREAT-Footer]
