Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gryphonconnect gryphon tower firmware vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2021-20144
An unauthenticated command injection vulnerability exists in the parameters of operation 49 in the controller_server service on Gryphon Tower routers. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted ...
Gryphonconnect Gryphon Tower Firmware
8.8
CVSSv3
CVE-2021-20141
An unauthenticated command injection vulnerability exists in the parameters of operation 32 in the controller_server service on Gryphon Tower routers. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted ...
Gryphonconnect Gryphon Tower Firmware
6.1
CVSSv3
CVE-2021-20137
A reflected cross-site scripting vulnerability exists in the url parameter of the /cgi-bin/luci/site_access/ page on the Gryphon Tower router's web interface. An attacker could exploit this issue by tricking a user into following a specially crafted link, granting the attack...
Gryphonconnect Gryphon Tower Firmware
8.8
CVSSv3
CVE-2021-20138
An unauthenticated command injection vulnerability exists in multiple parameters in the Gryphon Tower router’s web interface at /cgi-bin/luci/rc. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted...
Gryphonconnect Gryphon Tower Firmware
8.8
CVSSv3
CVE-2021-20139
An unauthenticated command injection vulnerability exists in the parameters of operation 3 in the controller_server service on Gryphon Tower routers. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted m...
Gryphonconnect Gryphon Tower Firmware
8.8
CVSSv3
CVE-2021-20140
An unauthenticated command injection vulnerability exists in the parameters of operation 10 in the controller_server service on Gryphon Tower routers. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted ...
Gryphonconnect Gryphon Tower Firmware
8.8
CVSSv3
CVE-2021-20142
An unauthenticated command injection vulnerability exists in the parameters of operation 41 in the controller_server service on Gryphon Tower routers. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted ...
Gryphonconnect Gryphon Tower Firmware
8.8
CVSSv3
CVE-2021-20143
An unauthenticated command injection vulnerability exists in the parameters of operation 48 in the controller_server service on Gryphon Tower routers. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted ...
Gryphonconnect Gryphon Tower Firmware
7.5
CVSSv3
CVE-2021-20145
Gryphon Tower routers contain an unprotected openvpn configuration file which can grant attackers access to the Gryphon homebound VPN network which exposes the LAN interfaces of other users' devices connected to the same service. An attacker could leverage this to make confi...
Gryphonconnect Gryphon Tower Firmware
9.8
CVSSv3
CVE-2021-20146
An unprotected ssh private key exists on the Gryphon devices which could be used to achieve root access to a server affiliated with Gryphon's development and infrastructure. At the time of discovery, the ssh key could be used to login to the development server hosted in Amaz...
Gryphonconnect Gryphon Tower Firmware
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started