ID
VAR-202112-0711
CVE
CVE-2021-20137
TITLE
Gryphon Tower Cross-site scripting vulnerability in routers
Trust: 0.8
sources:
JVNDB: JVNDB-2021-016123
DESCRIPTION
A reflected cross-site scripting vulnerability exists in the url parameter of the /cgi-bin/luci/site_access/ page on the Gryphon Tower router's web interface. An attacker could exploit this issue by tricking a user into following a specially crafted link, granting the attacker javascript execution in the context of the victim's browser
Trust: 1.71
sources:
NVD: CVE-2021-20137 //
JVNDB: JVNDB-2021-016123 //
VULMON: CVE-2021-20137
AFFECTED PRODUCTS
| vendor: | gryphonconnect | model: | gryphon tower | scope: | lte | version: | 04.0004.12 | Trust: 1.0 |
| vendor: | gryphon | model: | tower | scope: | - | version: | - | Trust: 0.8 |
| vendor: | gryphon | model: | tower | scope: | eq | version: | - | Trust: 0.8 |
| vendor: | gryphon | model: | tower | scope: | eq | version: | gryphon tower firmware | Trust: 0.8 |
sources:
JVNDB: JVNDB-2021-016123 //
NVD: CVE-2021-20137
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
sources:
VULMON: CVE-2021-20137 //
JVNDB: JVNDB-2021-016123 //
CNNVD: CNNVD-202112-737 //
NVD: CVE-2021-20137
PROBLEMTYPE DATA
| problemtype: | CWE-79 | Trust: 1.0 |
| problemtype: | Cross-site scripting (CWE-79) [NVD evaluation ] | Trust: 0.8 |
sources:
JVNDB: JVNDB-2021-016123 //
NVD: CVE-2021-20137
THREAT TYPE
remote
Trust: 0.6
sources:
CNNVD: CNNVD-202112-737
TYPE
XSS
Trust: 0.6
sources:
CNNVD: CNNVD-202112-737
PATCH
| title: | Top Page | url: | https://gryphonconnect.com/ | Trust: 0.8 |
| title: | Gryphon Tower Fixes for cross-site scripting vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=174230 | Trust: 0.6 |
| title: | Kenzer Templates [5170] [DEPRECATED] | url: | https://github.com/ARPSyndicate/kenzer-templates | Trust: 0.1 |
sources:
VULMON: CVE-2021-20137 //
JVNDB: JVNDB-2021-016123 //
CNNVD: CNNVD-202112-737
EXTERNAL IDS
| db: | NVD | id: | CVE-2021-20137 | Trust: 3.3 |
| db: | TENABLE | id: | TRA-2021-51 | Trust: 2.5 |
| db: | JVNDB | id: | JVNDB-2021-016123 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-202112-737 | Trust: 0.6 |
| db: | VULMON | id: | CVE-2021-20137 | Trust: 0.1 |
sources:
VULMON: CVE-2021-20137 //
JVNDB: JVNDB-2021-016123 //
CNNVD: CNNVD-202112-737 //
NVD: CVE-2021-20137
REFERENCES
| url: | https://www.tenable.com/security/research/tra-2021-51 | Trust: 2.5 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2021-20137 | Trust: 0.8 |
| url: | https://cwe.mitre.org/data/definitions/79.html | Trust: 0.1 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
| url: | https://github.com/arpsyndicate/kenzer-templates | Trust: 0.1 |
sources:
VULMON: CVE-2021-20137 //
JVNDB: JVNDB-2021-016123 //
CNNVD: CNNVD-202112-737 //
NVD: CVE-2021-20137
SOURCES
| db: | VULMON | id: | CVE-2021-20137 |
| db: | JVNDB | id: | JVNDB-2021-016123 |
| db: | CNNVD | id: | CNNVD-202112-737 |
| db: | NVD | id: | CVE-2021-20137 |
LAST UPDATE DATE
2024-08-14T13:53:44.112000+00:00
SOURCES UPDATE DATE
| db: | VULMON | id: | CVE-2021-20137 | date: | 2021-12-13T00:00:00 |
| db: | JVNDB | id: | JVNDB-2021-016123 | date: | 2022-12-07T02:50:00 |
| db: | CNNVD | id: | CNNVD-202112-737 | date: | 2021-12-14T00:00:00 |
| db: | NVD | id: | CVE-2021-20137 | date: | 2021-12-13T17:05:05.863 |
SOURCES RELEASE DATE
| db: | VULMON | id: | CVE-2021-20137 | date: | 2021-12-09T00:00:00 |
| db: | JVNDB | id: | JVNDB-2021-016123 | date: | 2022-12-07T00:00:00 |
| db: | CNNVD | id: | CNNVD-202112-737 | date: | 2021-12-09T00:00:00 |
| db: | NVD | id: | CVE-2021-20137 | date: | 2021-12-09T16:15:07.753 |