CVE-2021-20127

Summary

An arbitrary file deletion vulnerability exists in the file delete functionality of the Html5Servlet endpoint of Draytek VigorConnect 1.6.0-B3. This allows an authenticated user to arbitrarily delete files in any location on the target operating system with root privileges.

Affected Software

VendorProductVersion RangeStatus
n/aDraytek VigorConnect1.6.0-B3affected

Weaknesses

  • Improper Access Control

ADP Enrichment

CVE Program Container

Additional References

References