Skip to main content

Gryphon Tower Firmware

10 CVEs product

Monthly

CVE-2021-20146 CRITICAL Act Now

An unprotected ssh private key exists on the Gryphon devices which could be used to achieve root access to a server affiliated with Gryphon's development and infrastructure. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gryphon Tower Firmware
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2021-20145 HIGH POC This Week

Gryphon Tower routers contain an unprotected openvpn configuration file which can grant attackers access to the Gryphon homebound VPN network which exposes the LAN interfaces of other users' devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Gryphon Tower Firmware
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-20144 HIGH POC This Week

An unauthenticated command injection vulnerability exists in the parameters of operation 49 in the controller_server service on Gryphon Tower routers. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Gryphon Tower Firmware
NVD
CVSS 3.1
8.8
EPSS
3.7%
CVE-2021-20143 HIGH POC This Week

An unauthenticated command injection vulnerability exists in the parameters of operation 48 in the controller_server service on Gryphon Tower routers. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Gryphon Tower Firmware
NVD
CVSS 3.1
8.8
EPSS
3.7%
CVE-2021-20142 HIGH POC This Week

An unauthenticated command injection vulnerability exists in the parameters of operation 41 in the controller_server service on Gryphon Tower routers. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Gryphon Tower Firmware
NVD
CVSS 3.1
8.8
EPSS
3.7%
CVE-2021-20141 HIGH POC This Week

An unauthenticated command injection vulnerability exists in the parameters of operation 32 in the controller_server service on Gryphon Tower routers. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Gryphon Tower Firmware
NVD
CVSS 3.1
8.8
EPSS
3.7%
CVE-2021-20140 HIGH POC This Week

An unauthenticated command injection vulnerability exists in the parameters of operation 10 in the controller_server service on Gryphon Tower routers. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Gryphon Tower Firmware
NVD
CVSS 3.1
8.8
EPSS
4.0%
CVE-2021-20139 HIGH POC This Week

An unauthenticated command injection vulnerability exists in the parameters of operation 3 in the controller_server service on Gryphon Tower routers. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Gryphon Tower Firmware
NVD
CVSS 3.1
8.8
EPSS
4.0%
CVE-2021-20138 HIGH POC This Week

An unauthenticated command injection vulnerability exists in multiple parameters in the Gryphon Tower router’s web interface at /cgi-bin/luci/rc. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Gryphon Tower Firmware
NVD
CVSS 3.1
8.8
EPSS
3.7%
CVE-2021-20137 MEDIUM POC This Month

A reflected cross-site scripting vulnerability exists in the url parameter of the /cgi-bin/luci/site_access/ page on the Gryphon Tower router's web interface. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gryphon Tower Firmware
NVD
CVSS 3.1
6.1
EPSS
2.6%
EPSS 2% CVSS 9.8
CRITICAL Act Now

An unprotected ssh private key exists on the Gryphon devices which could be used to achieve root access to a server affiliated with Gryphon's development and infrastructure. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gryphon Tower Firmware
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

Gryphon Tower routers contain an unprotected openvpn configuration file which can grant attackers access to the Gryphon homebound VPN network which exposes the LAN interfaces of other users' devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Gryphon Tower Firmware
NVD
EPSS 4% CVSS 8.8
HIGH POC This Week

An unauthenticated command injection vulnerability exists in the parameters of operation 49 in the controller_server service on Gryphon Tower routers. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Gryphon Tower Firmware
NVD
EPSS 4% CVSS 8.8
HIGH POC This Week

An unauthenticated command injection vulnerability exists in the parameters of operation 48 in the controller_server service on Gryphon Tower routers. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Gryphon Tower Firmware
NVD
EPSS 4% CVSS 8.8
HIGH POC This Week

An unauthenticated command injection vulnerability exists in the parameters of operation 41 in the controller_server service on Gryphon Tower routers. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Gryphon Tower Firmware
NVD
EPSS 4% CVSS 8.8
HIGH POC This Week

An unauthenticated command injection vulnerability exists in the parameters of operation 32 in the controller_server service on Gryphon Tower routers. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Gryphon Tower Firmware
NVD
EPSS 4% CVSS 8.8
HIGH POC This Week

An unauthenticated command injection vulnerability exists in the parameters of operation 10 in the controller_server service on Gryphon Tower routers. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Gryphon Tower Firmware
NVD
EPSS 4% CVSS 8.8
HIGH POC This Week

An unauthenticated command injection vulnerability exists in the parameters of operation 3 in the controller_server service on Gryphon Tower routers. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Gryphon Tower Firmware
NVD
EPSS 4% CVSS 8.8
HIGH POC This Week

An unauthenticated command injection vulnerability exists in multiple parameters in the Gryphon Tower router’s web interface at /cgi-bin/luci/rc. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Gryphon Tower Firmware
NVD
EPSS 3% CVSS 6.1
MEDIUM POC This Month

A reflected cross-site scripting vulnerability exists in the url parameter of the /cgi-bin/luci/site_access/ page on the Gryphon Tower router's web interface. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gryphon Tower Firmware
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy