A command injection vulnerability exists in Gryphon Tower, a wireless router from Gryphon. The vulnerability stems from the failure to properly filter the parameters of operation 41 in the controller_server service on the router for special characters and commands entered by the user, which could be exploited by an unauthenticated remote attacker to send specially crafted malicious packets to execute commands on the device as root.