Vulnerabilities > Gryphonconnect > High

DATE CVE VULNERABILITY TITLE RISK
2021-12-09 CVE-2021-20138 OS Command Injection vulnerability in Gryphonconnect Gryphon Tower Firmware
An unauthenticated command injection vulnerability exists in multiple parameters in the Gryphon Tower router’s web interface at /cgi-bin/luci/rc.
low complexity
gryphonconnect CWE-78
8.8
8.8
2021-12-09 CVE-2021-20139 OS Command Injection vulnerability in Gryphonconnect Gryphon Tower Firmware
An unauthenticated command injection vulnerability exists in the parameters of operation 3 in the controller_server service on Gryphon Tower routers.
low complexity
gryphonconnect CWE-78
8.8
8.8
2021-12-09 CVE-2021-20140 OS Command Injection vulnerability in Gryphonconnect Gryphon Tower Firmware
An unauthenticated command injection vulnerability exists in the parameters of operation 10 in the controller_server service on Gryphon Tower routers.
low complexity
gryphonconnect CWE-78
8.8
8.8
2021-12-09 CVE-2021-20141 OS Command Injection vulnerability in Gryphonconnect Gryphon Tower Firmware
An unauthenticated command injection vulnerability exists in the parameters of operation 32 in the controller_server service on Gryphon Tower routers.
low complexity
gryphonconnect CWE-78
8.8
8.8
2021-12-09 CVE-2021-20142 OS Command Injection vulnerability in Gryphonconnect Gryphon Tower Firmware
An unauthenticated command injection vulnerability exists in the parameters of operation 41 in the controller_server service on Gryphon Tower routers.
low complexity
gryphonconnect CWE-78
8.8
8.8
2021-12-09 CVE-2021-20143 OS Command Injection vulnerability in Gryphonconnect Gryphon Tower Firmware
An unauthenticated command injection vulnerability exists in the parameters of operation 48 in the controller_server service on Gryphon Tower routers.
low complexity
gryphonconnect CWE-78
8.8
8.8
2021-12-09 CVE-2021-20144 OS Command Injection vulnerability in Gryphonconnect Gryphon Tower Firmware
An unauthenticated command injection vulnerability exists in the parameters of operation 49 in the controller_server service on Gryphon Tower routers.
low complexity
gryphonconnect CWE-78
8.8
8.8
2021-12-09 CVE-2021-20145 Improper Authentication vulnerability in Gryphonconnect Gryphon Tower Firmware
Gryphon Tower routers contain an unprotected openvpn configuration file which can grant attackers access to the Gryphon homebound VPN network which exposes the LAN interfaces of other users' devices connected to the same service.
network
low complexity
gryphonconnect CWE-287
7.5
7.5