S4E

CVE-2021-20123 Scanner

Detects 'Local File Inclusion' vulnerability in Draytek VigorConnect affects v. 1.6.0-B3.

Short Info


Level

High

Single Scan

Single Scan

Can be used by

Asset Owner

Estimated Time

10 seconds

Time Interval

30 days

Scan only one

URL

Toolbox

-

Draytek VigorConnect is a software solution designed to help small-to-medium-sized businesses manage and monitor their networking infrastructure. It provides a unified platform for monitoring and configuring multiple Draytek networking devices such as routers, switches, and access points. The software enables administrators to easily configure and monitor their network infrastructure from a single interface. Draytek VigorConnect is known for its reliability, security, and ease of use, making it a popular choice for businesses seeking an all-in-one network management solution.

The CVE-2021-20123 vulnerability is a local file inclusion vulnerability found in the Draytek VigorConnect 1.6.0-B3 software in the DownloadFileServlet endpoint. When exploited, an attacker can gain unauthorized access to files and directories on the underlying operating system and potentially download arbitrary files with root privileges. This vulnerability can be exploited remotely without authentication by sending a crafted HTTP request to the affected endpoint.

When exploited, the CVE-2021-20123 vulnerability can lead to the compromise of sensitive data, including system files and user credentials. Attackers can gain access to the underlying operating system and cause damage by deleting files, altering configurations, or executing malicious code. This vulnerability poses a severe threat to businesses that rely on the Draytek VigorConnect software, as it can expose them to data breaches and system malfunctions.

In conclusion, the security and integrity of digital assets are crucial for businesses of all sizes. By using advanced security tools such as s4e.io, businesses can easily and quickly learn about vulnerabilities in their infrastructure and take measures to protect against them. With s4e.io's pro features, businesses can get comprehensive vulnerability scanning, threat intelligence, and real-time security alerts to help them stay ahead of threats. Ensure that your digital assets are secure by subscribing to s4e.io today.

 

REFERENCES

Get started to protecting your Free Full Security Scan