An unprotected ssh private key exists on the Gryphon devices which could be used to achieve root access to a server affiliated with Gryphonβs development and infrastructure. At the time of discovery, the ssh key could be used to login to the development server hosted in Amazon Web Services.
[
{
"product": "Gryphon Tower router",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "<= 04.0004.12 (Current)"
}
]
}
]