ID

VAR-202112-0702


CVE

CVE-2021-20146


TITLE

Gryphon Insufficient Credential Protection Vulnerability on Devices

Trust: 0.8

sources: JVNDB: JVNDB-2021-016083

DESCRIPTION

An unprotected SSH private key exists on Gryphon devices, which could be used to achieve root access to a server affiliated with Gryphon's development and infrastructure. At the time of discovery, the SSH key could be used to log in to the development server hosted in Amazon Web Services. The Gryphon device contains an insufficient credential protection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Gryphon Tower is a wireless router from Gryphon. Gryphon Tower has an information disclosure vulnerability.

Trust: 2.16

sources: NVD: CVE-2021-20146 // JVNDB: JVNDB-2021-016083 // CNVD: CNVD-2021-100351

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-100351

AFFECTED PRODUCTS

vendor: gryphon, model: tower, scope: -, version: -

Trust: 1.4

vendor: gryphonconnect, model: gryphon tower, scope: lte, version: 04.0004.12

Trust: 1.0

vendor: gryphon, model: tower, scope: eq, version: gryphon tower firmware

Trust: 0.8

vendor: gryphon, model: tower, scope: eq, version: -

Trust: 0.8

sources: CNVD: CNVD-2021-100351 // JVNDB: JVNDB-2021-016083 // NVD: CVE-2021-20146

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-20146
value: CRITICAL

Trust: 1.0

NVD: CVE-2021-20146
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2021-100351
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202112-748
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2021-20146
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2021-100351
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2021-20146
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-20146
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-100351 // JVNDB: JVNDB-2021-016083 // CNNVD: CNNVD-202112-748 // NVD: CVE-2021-20146

PROBLEMTYPE DATA

problemtype:CWE-522

Trust: 1.0

problemtype: Inadequate protection of credentials (CWE-522) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2021-016083 // NVD: CVE-2021-20146

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202112-748

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202112-748

PATCH

title: Top Page, url: https://gryphon.com/

Trust: 0.8

title: Patch for Gryphon Tower information disclosure vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/306066

Trust: 0.6

title: Gryphon Tower Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=174239

Trust: 0.6

sources: CNVD: CNVD-2021-100351 // JVNDB: JVNDB-2021-016083 // CNNVD: CNNVD-202112-748

EXTERNAL IDS

db: NVD, id: CVE-2021-20146

Trust: 3.8

db: TENABLE, id: TRA-2021-51

Trust: 3.0

db: JVNDB, id: JVNDB-2021-016083

Trust: 0.8

db: CNVD, id: CNVD-2021-100351

Trust: 0.6

db: CNNVD, id: CNNVD-202112-748

Trust: 0.6

sources: CNVD: CNVD-2021-100351 // JVNDB: JVNDB-2021-016083 // CNNVD: CNNVD-202112-748 // NVD: CVE-2021-20146

REFERENCES

url:https://www.tenable.com/security/research/tra-2021-51

Trust: 3.0

url:https://nvd.nist.gov/vuln/detail/cve-2021-20146

Trust: 1.4

sources: CNVD: CNVD-2021-100351 // JVNDB: JVNDB-2021-016083 // CNNVD: CNNVD-202112-748 // NVD: CVE-2021-20146

SOURCES

db: CNVD, id: CNVD-2021-100351
db: JVNDB, id: JVNDB-2021-016083
db: CNNVD, id: CNNVD-202112-748
db: NVD, id: CVE-2021-20146

LAST UPDATE DATE

2024-08-14T13:53:43.966000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2021-100351, date: 2021-12-16T00:00:00
db: JVNDB, id: JVNDB-2021-016083, date: 2022-12-06T06:32:00
db: CNNVD, id: CNNVD-202112-748, date: 2021-12-21T00:00:00
db: NVD, id: CVE-2021-20146, date: 2021-12-13T18:20:52.240

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2021-100351, date: 2021-12-16T00:00:00
db: JVNDB, id: JVNDB-2021-016083, date: 2022-12-06T00:00:00
db: CNNVD, id: CNNVD-202112-748, date: 2021-12-09T00:00:00
db: NVD, id: CVE-2021-20146, date: 2021-12-09T16:15:08.167