CISA reports active exploitation of two high-severity DrayTek VigorConnect flaws

Take action: If you are running DrayTek VigorConnect, it is time to patch it. Isolation may be an option, but after three years you should have found time to patch it. So don't delay any longer.


The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert regarding two high-severity vulnerabilities in DrayTek’s network equipment management software, VigorConnect. These vulnerabilities have been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog due to evidence of active exploitation.

VigorConnect is a network management software developed by DrayTek that allows administrators to centrally manage, monitor, and configure up to 100 DrayTek devices, such as access points (APs) and switches, within a local area network (LAN).

DrayTek VigorConnect Vulnerabilities CVE-2021-20123 and CVE-2021-20124 (both with CVSS score 7.5)

Both vulnerabilities are path traversal flaws that allow attackers to read sensitive files on the affected system. These flaws were discovered in the DownloadFileServlet and WebServlet programs of the VigorConnect software.

An unauthenticated attacker can exploit these vulnerabilities to download arbitrary files from the underlying operating system with root privileges, potentially exposing sensitive data.
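As an added illustration of what a defender can watch for (example code written for this page, not from the advisory, CISA or DrayTek), the script below scans constructed web-server access-log lines for plain, URL-encoded and double-encoded directory-traversal sequences in requests to the two servlets named above. The log lines, the client addresses and the query parameter name `path` are assumptions; the real parameter names are not given here.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed sample access-log lines (combined log format); these are NOT real
# VigorConnect logs. Only the servlet names come from the advisory; the "path"
# query parameter is a hypothetical placeholder.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Sep/2024:10:00:01 +0000] "GET /DownloadFileServlet?path=../../../../etc/passwd HTTP/1.1" 200 1834
203.0.113.7 - - [01/Sep/2024:10:00:02 +0000] "GET /WebServlet?path=..%2f..%2f..%2fetc%2fhosts HTTP/1.1" 200 912
198.51.100.9 - - [01/Sep/2024:10:00:03 +0000] "GET /DownloadFileServlet?path=%252e%252e%252fetc%252fhosts HTTP/1.1" 404 0
192.0.2.5 - - [01/Sep/2024:10:00:04 +0000] "GET /DownloadFileServlet?path=reports/summary.csv HTTP/1.1" 200 4100
192.0.2.5 - - [01/Sep/2024:10:00:05 +0000] "GET /index.html HTTP/1.1" 200 300
"""

# Servlet paths named in the advisory as the location of the flaws.
WATCHED_SERVLETS = {"/DownloadFileServlet", "/WebServlet"}

REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def full_decode(value, rounds=3):
    # Decode repeatedly so double-encoded sequences (e.g. %252e -> %2e -> .) resolve.
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(target):
    # Normalise backslashes to slashes, then look for a parent-directory step.
    decoded = full_decode(target).replace("\\", "/")
    return "../" in decoded or decoded.endswith("/..")

def find_traversal_attempts(log_text):
    # Return (client, servlet, status) for every traversal attempt against a
    # watched servlet. A 200 status is the case worth escalating first.
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        servlet = urlsplit(m.group("target")).path
        if servlet in WATCHED_SERVLETS and is_traversal(m.group("target")):
            hits.append((m.group("ip"), servlet, m.group("status")))
    return hits

if __name__ == "__main__":
    for hit in find_traversal_attempts(SAMPLE_LOG):
        print("traversal attempt:", hit)
```

On the constructed input this flags three requests: two that succeeded (status 200) and one that was rejected, which is still worth correlating with the same client's other activity.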

Discovered by Tenable in 2021, these vulnerabilities were patched in October 2021. However, their addition to the KEV catalog indicates that many systems remain vulnerable and that cybercriminals are actively targeting them.

Users are urged to ensure all systems running VigorConnect are updated with the latest patches released in October 2021 or later.