Vulnerabilities > CVE-2021-20127 - Unspecified vulnerability in Draytek Vigorconnect 1.6.0

CVSS 8.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

NONE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

draytek

NVD

Published: 2021-10-13

Updated: 2021-10-19

Summary

An arbitrary file deletion vulnerability exists in the file delete functionality of the Html5Servlet endpoint of Draytek VigorConnect 1.6.0-B3. This allows an authenticated user to arbitrarily delete files in any location on the target operating system with root privileges.

Vulnerable Configurations

Part	Description	Count
Application	Draytek Draytek Vigorconnect 1.6.0	1

References

https://www.tenable.com/security/research/tra-2021-42