CVE Tools

gryphonconnect

ICS / OT / IoTcommercial

10

Cumulative CVEs

1

Monthly snapshots

#52

Peak rank

Top products

gryphon tower firmware10

Latest CVEs

The 10 most recently published vulnerabilities affecting gryphonconnect.

CVE-2021-20139An unauthenticated command injection vulnerability exists in the parameters of operation 3 in the controller_server service on Gryphon Tower routers. An unauthenticated remote attacker on the same ...8.8Dec 9, 2021
CVE-2021-20138An unauthenticated command injection vulnerability exists in multiple parameters in the Gryphon Tower router’s web interface at /cgi-bin/luci/rc. An unauthenticated remote attacker on the same ne...8.8Dec 9, 2021
CVE-2021-20137A reflected cross-site scripting vulnerability exists in the url parameter of the /cgi-bin/luci/site_access/ page on the Gryphon Tower router's web interface. An attacker could exploit this issue b...6.1Dec 9, 2021
CVE-2021-20142An unauthenticated command injection vulnerability exists in the parameters of operation 41 in the controller_server service on Gryphon Tower routers. An unauthenticated remote attacker on the same...8.8Dec 9, 2021
CVE-2021-20141An unauthenticated command injection vulnerability exists in the parameters of operation 32 in the controller_server service on Gryphon Tower routers. An unauthenticated remote attacker on the same...8.8Dec 9, 2021
CVE-2021-20140An unauthenticated command injection vulnerability exists in the parameters of operation 10 in the controller_server service on Gryphon Tower routers. An unauthenticated remote attacker on the same...8.8Dec 9, 2021
CVE-2021-20146An unprotected ssh private key exists on the Gryphon devices which could be used to achieve root access to a server affiliated with Gryphon's development and infrastructure. At the time of discover...9.8Dec 9, 2021
CVE-2021-20145Gryphon Tower routers contain an unprotected openvpn configuration file which can grant attackers access to the Gryphon homebound VPN network which exposes the LAN interfaces of other users' device...7.5Dec 9, 2021
CVE-2021-20144An unauthenticated command injection vulnerability exists in the parameters of operation 49 in the controller_server service on Gryphon Tower routers. An unauthenticated remote attacker on the same...8.8Dec 9, 2021
CVE-2021-20143An unauthenticated command injection vulnerability exists in the parameters of operation 48 in the controller_server service on Gryphon Tower routers. An unauthenticated remote attacker on the same...8.8Dec 9, 2021