Vulnerability Details CVE-2021-20139
An unauthenticated command injection vulnerability exists in the parameters of operation 3 in the controller_server service on Gryphon Tower routers. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted malicious packet to the controller_server service on port 9999.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.078
EPSS Ranking 91.6%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 8.3
References
Products affected by CVE-2021-20139
-
cpe:2.3:h:gryphonconnect:gryphon_tower:-
-
cpe:2.3:o:gryphonconnect:gryphon_tower_firmware:-
-
cpe:2.3:o:gryphonconnect:gryphon_tower_firmware:03.0002.74
-
cpe:2.3:o:gryphonconnect:gryphon_tower_firmware:03.002.56
-
cpe:2.3:o:gryphonconnect:gryphon_tower_firmware:04.0002.08
-
cpe:2.3:o:gryphonconnect:gryphon_tower_firmware:04.0002.20
-
cpe:2.3:o:gryphonconnect:gryphon_tower_firmware:04.0002.53
-
cpe:2.3:o:gryphonconnect:gryphon_tower_firmware:04.0002.92
-
cpe:2.3:o:gryphonconnect:gryphon_tower_firmware:04.0003.06
-
cpe:2.3:o:gryphonconnect:gryphon_tower_firmware:04.0003.25
-
cpe:2.3:o:gryphonconnect:gryphon_tower_firmware:04.0004.05
-
cpe:2.3:o:gryphonconnect:gryphon_tower_firmware:04.0004.12