Critical File Inclusion Vulnerabilities in Draytek VigorConnect

ISGroup Cybersecurity

Draytek VigorConnect routers present local file inclusion vulnerabilities (CVE-2021-20123, CVE-2021-20124), which allow unauthenticated attackers to download sensitive system files with root privileges. These vulnerabilities pose a serious risk of data breach and system compromise and are actively being exploited in real-world environments.

Productvigorconnect
Date2024-09-11 09:23:36

Technical summary

Draytek VigorConnect routers are vulnerable to local file inclusion exploits (CVE-2021-20123, CVE-2021-20124), which allow unauthenticated attackers to download sensitive system files with root privileges. These vulnerabilities entail serious risks of data breach and system compromise and are actively being exploited in real-world environments.

[Callforaction-THREAT-Footer]