CVE-2021-20123CISA KEVEPSS p99.4%

CVE-2021-20123Draytek VigorConnect Path Traversal Vulnerability

DrayTek / VigorConnect

Description

Draytek VigorConnect contains a path traversal vulnerability in the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.

Scoring

EPSS74.85% probability of exploitation · percentile 99.4% · 2026-06-18T12:00:27Z

CISA KEV entry

Added to KEV: 2024-09-03

(incoming)1

TypeTargetConfidenceTier
KEVEntryDraytek VigorConnect Path Traversal Vulnerability kev-cve-2021-201230%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-35718
CVE
Zyxel Multiple Firewalls Path Traversal Vulnerability
CVE
Multiple DrayTek Vigor Routers Web Management Page Vulnerability
CVE
DrayTek Vigor Routers OS Command Injection Vulnerability
CVE
DrayTek Multiple Vigor Routers OS Command Injection Vulnerability
CVE
Grafana Path Traversal Vulnerability
Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.