CVE-2021-20145

Name of the Vulnerable Software and Affected Versions: Gryphon Tower routers (affected versions not specified)

Description: The issue concerns an unprotected openvpn configuration file in Gryphon Tower routers, which can allow attackers to access the Gryphon homebound VPN network. This exposure can lead to the LAN interfaces of other users' devices connected to the same service being accessible. An attacker could leverage this to make configuration changes to, or otherwise attack victims' devices as though they were on an adjacent network.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.