Vulnerability detail

Enriched intelligence for a single CVE

7.5

CVSS
High

CVE-2021-20123

PUBLISHED

A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the DownloadFileServlet...

Exploited in the wild Remote Low complexity No user interaction

Vendor: Draytek
Product: Draytek VigorConnect
Published: Oct 13, 2021
EPSS: —

Description

A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.

cisa nuclei_scanner edge nessus_scanner

CVSS scores

CVSS v3.1 7.5 High

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v2.0 7.8

AV:N/AC:L/Au:N/C:C/I:N/A:N

Exploitation status

Exploited in the wild

Recorded 2024-09-03 00:00:00 UTC · Source

SSVC decision points

Exploitation: active
Automatable: Yes
Technical impact: partial

References

https://www.tenable.com/security/research/tra-2021-42

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source	Added
CISA	Sep 03, 2024

Scanner integrations

Scanner	Reference	Detected
Nuclei	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-20123.yaml	Apr 25, 2025
Nessus	https://www.tenable.com/plugins/nessus/154966	Mar 08, 2023

Timeline

CVE ID Reserved

December 17, 2020
CVE Published to Public

October 13, 2021
Detected by Nessus

March 08, 2023
Added to KEVIntel

September 03, 2024
Detected by Nuclei

April 25, 2025