Gryphonconnect Gryphon Tower Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Gryphonconnect Gryphon Tower Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-2021-20146 — CVSS 9.8 (critical): An unprotected ssh private key exists on the Gryphon devices which could be used to achieve root access to a server affiliated with…
CVE-2021-20138 — CVSS 8.8 (high): An unauthenticated command injection vulnerability exists in multiple parameters in the Gryphon Tower router’s web interface at…
CVE-2021-20139 — CVSS 8.8 (high): An unauthenticated command injection vulnerability exists in the parameters of operation 3 in the controller_server service on Gryphon…
CVE-2021-20140 — CVSS 8.8 (high): An unauthenticated command injection vulnerability exists in the parameters of operation 10 in the controller_server service on Gryphon…
CVE-2021-20141 — CVSS 8.8 (high): An unauthenticated command injection vulnerability exists in the parameters of operation 32 in the controller_server service on Gryphon…
CVE-2021-20143 — CVSS 8.8 (high): An unauthenticated command injection vulnerability exists in the parameters of operation 48 in the controller_server service on Gryphon…
CVE-2021-20144 — CVSS 8.8 (high): An unauthenticated command injection vulnerability exists in the parameters of operation 49 in the controller_server service on Gryphon…
CVE-2021-20142 — CVSS 8.8 (high): An unauthenticated command injection vulnerability exists in the parameters of operation 41 in the controller_server service on Gryphon…
CVE-2021-20145 — CVSS 7.5 (high): Gryphon Tower routers contain an unprotected openvpn configuration file which can grant attackers access to the Gryphon homebound VPN…
CVE-2021-20137 — CVSS 6.1 (medium): A reflected cross-site scripting vulnerability exists in the url parameter of the /cgi-bin/luci/site_access/ page on the Gryphon Tower…