CVE-2021-20145
HIGH
Gryphon Tower Firmware < 04.0004.12 - Unauthenticated VPN Access via OpenVPN Configuration Exposure
Title source: llm
Description
Gryphon Tower routers contain an unprotected OpenVPN configuration file that can grant attackers access to the Gryphon homebound VPN network, which exposes the LAN interfaces of other users' devices connected to the same service. An attacker could leverage this to make configuration changes to, or otherwise attack, victims' devices as though they were on an adjacent network.
References (1)
Core References
Exploit, Vendor Advisory x_refsource_misc
https://www.tenable.com/security/research/tra-2021-51
Scores
CVSS v3
7.5
EPSS
0.0124
EPSS Percentile
65.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-287
Status
published
Products (1)
gryphonconnect/gryphon_tower_firmware
< 04.0004.12
Published
Dec 09, 2021
Tracked Since
Feb 18, 2026