S4E

CVE-2021-20124 Scanner

Detects 'Local File Inclusion' vulnerability in Draytek VigorConnect affects v. 1.6.0-B3.

Short Info


Level

High

Single Scan

Single Scan

Can be used by

Asset Owner

Estimated Time

10 seconds

Time Interval

30 days

Scan only one

URL

Toolbox

-

Draytek VigorConnect is a network management software that is primarily used by small and medium-sized enterprises. It allows network administrators to manage their routers, switches, and other network devices from a single, centralized location. The software provides a range of features, including network monitoring, device configuration, and firmware updates. It is designed to make network management simpler and more efficient.

CVE-2021-20124 is a critical vulnerability that was detected in Draytek VigorConnect 1.6.0-B3. The vulnerability exists in the file download functionality of the WebServlet endpoint, allowing an unauthenticated attacker to download any file from the underlying operating system with root privileges. This means that attackers could gain complete control over the network infrastructure of an organization, potentially leading to data theft, network disruption, or even ransomware attacks.

If this vulnerability is exploited, it can have serious consequences for affected organizations. Hackers could gain access to sensitive data, install backdoors, or carry out other malicious activities that could disrupt the network and cause severe damage to an organization's reputation. Moreover, the vulnerability can be exploited remotely, which means that attackers could target multiple organizations at once, increasing the potential for widespread damage.

By using the pro features of the s4e.io platform, readers of this article can easily and quickly learn about vulnerabilities in their digital assets. The platform provides real-time alerts and notifications for new vulnerabilities, as well as detailed information on how to patch and protect against them. With s4e.io, organizations can stay one step ahead of cyber threats and keep their networks safe and secure.

 

REFERENCES

Get started to protecting your Free Full Security Scan