A local file inclusion vulnerability exists in Draytek...
High severity
Unreviewed
Published
May 24, 2022
to the GitHub Advisory Database
•
Updated Sep 3, 2024
Description
Published by the National Vulnerability Database
Oct 13, 2021
Published to the GitHub Advisory Database
May 24, 2022
Last updated
Sep 3, 2024
A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the WebServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.
References