Vulnerability Details CVE-2021-20137
A reflected cross-site scripting vulnerability exists in the url parameter of the /cgi-bin/luci/site_access/ page on the Gryphon Tower router's web interface. An attacker could exploit this issue by tricking a user into following a specially crafted link, granting the attacker javascript execution in the context of the victim's browser.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.115
EPSS Ranking 93.3%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
Products affected by CVE-2021-20137
-
cpe:2.3:h:gryphonconnect:gryphon_tower:-
-
cpe:2.3:o:gryphonconnect:gryphon_tower_firmware:-
-
cpe:2.3:o:gryphonconnect:gryphon_tower_firmware:03.0002.74
-
cpe:2.3:o:gryphonconnect:gryphon_tower_firmware:03.002.56
-
cpe:2.3:o:gryphonconnect:gryphon_tower_firmware:04.0002.08
-
cpe:2.3:o:gryphonconnect:gryphon_tower_firmware:04.0002.20
-
cpe:2.3:o:gryphonconnect:gryphon_tower_firmware:04.0002.53
-
cpe:2.3:o:gryphonconnect:gryphon_tower_firmware:04.0002.92
-
cpe:2.3:o:gryphonconnect:gryphon_tower_firmware:04.0003.06
-
cpe:2.3:o:gryphonconnect:gryphon_tower_firmware:04.0003.25
-
cpe:2.3:o:gryphonconnect:gryphon_tower_firmware:04.0004.05
-
cpe:2.3:o:gryphonconnect:gryphon_tower_firmware:04.0004.12