ID

VAR-202112-0703


CVE

CVE-2021-20145


TITLE

Gryphon Tower  Authentication vulnerabilities in routers

Trust: 0.8

sources: JVNDB: JVNDB-2021-016084

DESCRIPTION

Gryphon Tower routers contain an unprotected openvpn configuration file which can grant attackers access to the Gryphon homebound VPN network which exposes the LAN interfaces of other users' devices connected to the same service. An attacker could leverage this to make configuration changes to, or otherwise attack victims' devices as though they were on an adjacent network. Gryphon Tower An authentication vulnerability exists in the router.Information may be obtained. Gryphon Tower is a wireless router from Gryphon

Trust: 2.16

sources: NVD: CVE-2021-20145 // JVNDB: JVNDB-2021-016084 // CNVD: CNVD-2021-100350

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-100350

AFFECTED PRODUCTS

vendor:gryphonmodel:towerscope: - version: -

Trust: 1.4

vendor:gryphonconnectmodel:gryphon towerscope:lteversion:04.0004.12

Trust: 1.0

vendor:gryphonmodel:towerscope:eqversion:gryphon tower firmware

Trust: 0.8

vendor:gryphonmodel:towerscope:eqversion: -

Trust: 0.8

sources: CNVD: CNVD-2021-100350 // JVNDB: JVNDB-2021-016084 // NVD: CVE-2021-20145

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-20145
value: HIGH

Trust: 1.0

NVD: CVE-2021-20145
value: HIGH

Trust: 0.8

CNVD: CNVD-2021-100350
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202112-747
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2021-20145
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2021-100350
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2021-20145
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2021-20145
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-100350 // JVNDB: JVNDB-2021-016084 // CNNVD: CNNVD-202112-747 // NVD: CVE-2021-20145

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.0

problemtype:Inappropriate authentication (CWE-287) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-016084 // NVD: CVE-2021-20145

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202112-747

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202112-747

PATCH

title:Top Pageurl:https://gryphon.com/

Trust: 0.8

title:Patch for Gryphon Tower authorization issue vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/306071

Trust: 0.6

title:Gryphon Tower Remediation measures for authorization problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=174238

Trust: 0.6

sources: CNVD: CNVD-2021-100350 // JVNDB: JVNDB-2021-016084 // CNNVD: CNNVD-202112-747

EXTERNAL IDS

db:NVDid:CVE-2021-20145

Trust: 3.8

db:TENABLEid:TRA-2021-51

Trust: 3.0

db:JVNDBid:JVNDB-2021-016084

Trust: 0.8

db:CNVDid:CNVD-2021-100350

Trust: 0.6

db:CNNVDid:CNNVD-202112-747

Trust: 0.6

sources: CNVD: CNVD-2021-100350 // JVNDB: JVNDB-2021-016084 // CNNVD: CNNVD-202112-747 // NVD: CVE-2021-20145

REFERENCES

url:https://www.tenable.com/security/research/tra-2021-51

Trust: 3.0

url:https://nvd.nist.gov/vuln/detail/cve-2021-20145

Trust: 1.4

sources: CNVD: CNVD-2021-100350 // JVNDB: JVNDB-2021-016084 // CNNVD: CNNVD-202112-747 // NVD: CVE-2021-20145

SOURCES

db:CNVDid:CNVD-2021-100350
db:JVNDBid:JVNDB-2021-016084
db:CNNVDid:CNNVD-202112-747
db:NVDid:CVE-2021-20145

LAST UPDATE DATE

2024-08-14T13:53:44.194000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2021-100350date:2021-12-16T00:00:00
db:JVNDBid:JVNDB-2021-016084date:2022-12-06T06:38:00
db:CNNVDid:CNNVD-202112-747date:2021-12-21T00:00:00
db:NVDid:CVE-2021-20145date:2021-12-13T18:19:32.177

SOURCES RELEASE DATE

db:CNVDid:CNVD-2021-100350date:2021-12-16T00:00:00
db:JVNDBid:JVNDB-2021-016084date:2022-12-06T00:00:00
db:CNNVDid:CNNVD-202112-747date:2021-12-09T00:00:00
db:NVDid:CVE-2021-20145date:2021-12-09T16:15:08.123