Vulnerabilities > Gryphonconnect
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-09 | CVE-2021-20137 | Cross-site Scripting vulnerability in Gryphonconnect Gryphon Tower Firmware A reflected cross-site scripting vulnerability exists in the url parameter of the /cgi-bin/luci/site_access/ page on the Gryphon Tower router's web interface. | 6.1 |
| 2021-12-09 | CVE-2021-20138 | OS Command Injection vulnerability in Gryphonconnect Gryphon Tower Firmware An unauthenticated command injection vulnerability exists in multiple parameters in the Gryphon Tower router’s web interface at /cgi-bin/luci/rc. | 8.8 |
| 2021-12-09 | CVE-2021-20139 | OS Command Injection vulnerability in Gryphonconnect Gryphon Tower Firmware An unauthenticated command injection vulnerability exists in the parameters of operation 3 in the controller_server service on Gryphon Tower routers. | 8.8 |
| 2021-12-09 | CVE-2021-20140 | OS Command Injection vulnerability in Gryphonconnect Gryphon Tower Firmware An unauthenticated command injection vulnerability exists in the parameters of operation 10 in the controller_server service on Gryphon Tower routers. | 8.8 |
| 2021-12-09 | CVE-2021-20141 | OS Command Injection vulnerability in Gryphonconnect Gryphon Tower Firmware An unauthenticated command injection vulnerability exists in the parameters of operation 32 in the controller_server service on Gryphon Tower routers. | 8.8 |
| 2021-12-09 | CVE-2021-20142 | OS Command Injection vulnerability in Gryphonconnect Gryphon Tower Firmware An unauthenticated command injection vulnerability exists in the parameters of operation 41 in the controller_server service on Gryphon Tower routers. | 8.8 |
| 2021-12-09 | CVE-2021-20143 | OS Command Injection vulnerability in Gryphonconnect Gryphon Tower Firmware An unauthenticated command injection vulnerability exists in the parameters of operation 48 in the controller_server service on Gryphon Tower routers. | 8.8 |
| 2021-12-09 | CVE-2021-20144 | OS Command Injection vulnerability in Gryphonconnect Gryphon Tower Firmware An unauthenticated command injection vulnerability exists in the parameters of operation 49 in the controller_server service on Gryphon Tower routers. | 8.8 |
| 2021-12-09 | CVE-2021-20145 | Improper Authentication vulnerability in Gryphonconnect Gryphon Tower Firmware Gryphon Tower routers contain an unprotected openvpn configuration file which can grant attackers access to the Gryphon homebound VPN network which exposes the LAN interfaces of other users' devices connected to the same service. | 7.5 |
| 2021-12-09 | CVE-2021-20146 | Insufficiently Protected Credentials vulnerability in Gryphonconnect Gryphon Tower Firmware An unprotected ssh private key exists on the Gryphon devices which could be used to achieve root access to a server affiliated with Gryphon's development and infrastructure. | 9.8 |