A command injection vulnerability exists in Gryphon Tower, a wireless router from Gryphon. The vulnerability stems from a failure to properly filter user input for special characters, commands, etc. in the parameters of operation 49 in the controller_server service on the router. An unauthenticated remote attacker could use this vulnerability to send specially crafted malicious packets to execute commands on the device as root.