Intrusion Prevention

DrayTek.VigorConnect.DownloadFileServlet.Path.Traversal

Description

This indicates an attack attempt to exploit a Path Traversal vulnerability in Draytek VigorConnect.
The vulnerability is due to insufficient validation when handling user-supplied inputs. A remote, unauthenticated attacker could exploit this vulnerability by sending a maliciously crafted request to the target server. Successful exploitation can lead to the disclosure of sensitive information.

Affected Products

Draytek VigorConnect v1.6.0-B3

Impact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

Recommended Actions

Apply patch, available from the website.
https://www.draytek.com/about/security-advisory/vigorconnect-software-security-vulnerability-(cve-2021-20123-cve-2021-20129)

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date	Version	Status	Detail
2024-07-31	28.836	Modified	Default_action:pass:drop
2024-07-04	28.821	New

ID	55752
Created	Jun 05, 2024
Updated	Sep 17, 2024
CVE ID
Risk
Known Exploited	Yes
Exploit Prediction Score	94.06%
Default Action	drop
Active
Affected OS	Windows, Linux
Affected App	Other
Profile Type	Path Traversal

Protect

Detect

Respond

Recover

Identify

Network Security

Cloud & Application Security

Endpoint Security

Security Operations

Intrusion Prevention

DrayTek.VigorConnect.DownloadFileServlet.Path.Traversal

Description

Affected Products

Impact

Recommended Actions

Coverage

Version Updates

Research Center

Services

Protect

Detect

Respond

Recover

Identify

Network Security

Cloud & Application Security

Endpoint Security

Security Operations

Threat Intelligence Center

Support Center

Resource Center

About

Intrusion Prevention

DrayTek.VigorConnect.DownloadFileServlet.Path.Traversal

Description

Affected Products

Impact

Recommended Actions

Coverage

Version Updates

Threat Intelligence
Center