A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.
Published: 2024-09-09
With patches out for three years, attackers have set their sights on a pair of vulnerabilities affecting DrayTek VigorConnect.