CVE-2021-20124CISA KEVEPSS p99.3%

CVE-2021-20124Draytek VigorConnect Path Traversal Vulnerability

DrayTek / VigorConnect

Description

Draytek VigorConnect contains a path traversal vulnerability in the file download functionality of the WebServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.

Scoring

EPSS69.95% probability of exploitation · percentile 99.3% · 2026-06-17T12:03:21Z

CISA KEV entry

Added to KEV: 2024-09-03

(incoming)1

TypeTargetConfidenceTier
KEVEntryDraytek VigorConnect Path Traversal Vulnerability kev-cve-2021-201240%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
Zyxel Multiple Firewalls Path Traversal Vulnerability
CVE
CVE-2026-35718
CVE
DrayTek Vigor Routers OS Command Injection Vulnerability
CVE
Multiple DrayTek Vigor Routers Web Management Page Vulnerability
CVE
DrayTek Multiple Vigor Routers OS Command Injection Vulnerability
CVE
CVE-2025-29514
Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.