Enhancement: cves/2021/CVE-2021-20123.yaml by mp

patch-1
MostInterestingBotInTheWorld 2022-06-27 14:09:57 -04:00
parent a597eac585
commit 12ef20ecdf
1 changed files with 5 additions and 3 deletions

@ -1,14 +1,14 @@
id: CVE-2021-20123
info:
name: Draytek VigorConnect - Unauthenticated Local File Inclusion DownloadFileServlet
name: Draytek VigorConnect 1.6.0-B - Local File Inclusion
author: 0x_Akoko
severity: high
description: |
A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.
Draytek VigorConnect 1.6.0-B3 is susceptle to local file inclusion in the file download functionality of the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.
reference:
- https://www.tenable.com/security/research/tra-2021-42
- https://www.cvedetails.com/cve/CVE-2021-20123/
- https://nvd.nist.gov/vuln/detail/CVE-2021-20123
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
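Review bot: The new description line misspells "susceptible" as "susceptle", and the new name gives the affected version as 1.6.0-B while both description lines say 1.6.0-B3. Correct the spelling and use the same version string in the name and the description, so that anyone matching this template's output against an asset inventory sees one consistent affected version. The shortened name also drops "Unauthenticated" and "DownloadFileServlet"; the description still carries both, so this is acceptable, but keeping "Unauthenticated" in the name would help with triage from scan results that show only the name.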
@ -42,3 +42,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/06/27
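Review bot: The comment appended after the status matcher, "# Enhanced by mp on 2022/06/27", records change attribution in the template body, where the commit history already holds the author and date. Consider dropping it, or at least keeping it out of the requests block so it is not read as part of the matcher definition. Separately, the only matcher visible in this context is the status 200 check; it is worth confirming that the lines above this hunk pair it with a content matcher, since a 200 response alone would not confirm a file read and would produce false positives.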