gryphonconnect CVE Vulnerabilities & Metrics

Focus on gryphonconnect vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About gryphonconnect Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with gryphonconnect. We track both calendar-based metrics (using fixed periods) and rolling metrics (using sliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.


Global CVE Overview

Total gryphonconnect CVEs: 10
Earliest CVE date: 09 Dec 2021, 16:15 UTC
Latest CVE date: 09 Dec 2021, 16:15 UTC

Latest CVE reference: CVE-2021-20146

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 0

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical gryphonconnect CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 7.74

Max CVSS: 10.0

Critical CVEs (≥9): 1

CVSS Range vs. Count

Range Count
0.0-3.9 0
4.0-6.9 2
7.0-8.9 7
9.0-10.0 1

CVSS Distribution Chart

Top 5 Highest CVSS gryphonconnect CVEs

These are the five CVEs with the highest CVSS scores for gryphonconnect, sorted by severity first, then by recency.

All CVEs for gryphonconnect

CVE-2021-20146 gryphonconnect vulnerability CVSS: 10.0 09 Dec 2021, 16:15 UTC

An unprotected SSH private key exists on the Gryphon devices which could be used to achieve root access to a server affiliated with Gryphon's development and infrastructure. At the time of discovery, the SSH key could be used to log in to the development server hosted in Amazon Web Services.

CVE-2021-20145 gryphonconnect vulnerability CVSS: 5.0 09 Dec 2021, 16:15 UTC

Gryphon Tower routers contain an unprotected OpenVPN configuration file which can grant attackers access to the Gryphon homebound VPN network, which exposes the LAN interfaces of other users' devices connected to the same service. An attacker could leverage this to make configuration changes to, or otherwise attack, victims' devices as though they were on an adjacent network.

CVE-2021-20144 gryphonconnect vulnerability CVSS: 8.3 09 Dec 2021, 16:15 UTC

An unauthenticated command injection vulnerability exists in the parameters of operation 49 in the controller_server service on Gryphon Tower routers. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted malicious packet to the controller_server service on port 9999.

CVE-2021-20143 gryphonconnect vulnerability CVSS: 8.3 09 Dec 2021, 16:15 UTC

An unauthenticated command injection vulnerability exists in the parameters of operation 48 in the controller_server service on Gryphon Tower routers. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted malicious packet to the controller_server service on port 9999.

CVE-2021-20142 gryphonconnect vulnerability CVSS: 8.3 09 Dec 2021, 16:15 UTC

An unauthenticated command injection vulnerability exists in the parameters of operation 41 in the controller_server service on Gryphon Tower routers. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted malicious packet to the controller_server service on port 9999.

CVE-2021-20141 gryphonconnect vulnerability CVSS: 8.3 09 Dec 2021, 16:15 UTC

An unauthenticated command injection vulnerability exists in the parameters of operation 32 in the controller_server service on Gryphon Tower routers. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted malicious packet to the controller_server service on port 9999.

CVE-2021-20140 gryphonconnect vulnerability CVSS: 8.3 09 Dec 2021, 16:15 UTC

An unauthenticated command injection vulnerability exists in the parameters of operation 10 in the controller_server service on Gryphon Tower routers. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted malicious packet to the controller_server service on port 9999.

CVE-2021-20139 gryphonconnect vulnerability CVSS: 8.3 09 Dec 2021, 16:15 UTC

An unauthenticated command injection vulnerability exists in the parameters of operation 3 in the controller_server service on Gryphon Tower routers. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted malicious packet to the controller_server service on port 9999.

CVE-2021-20138 gryphonconnect vulnerability CVSS: 8.3 09 Dec 2021, 16:15 UTC

An unauthenticated command injection vulnerability exists in multiple parameters in the Gryphon Tower router’s web interface at /cgi-bin/luci/rc. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted malicious packet to the web interface.

CVE-2021-20137 gryphonconnect vulnerability CVSS: 4.3 09 Dec 2021, 16:15 UTC

A reflected cross-site scripting vulnerability exists in the url parameter of the /cgi-bin/luci/site_access/ page on the Gryphon Tower router's web interface. An attacker could exploit this issue by tricking a user into following a specially crafted link, granting the attacker JavaScript execution in the context of the victim's browser.