Guardian Gryphon Remote Code Execution Vulnerability via Improper TLS Certificate Validation

Vulnerability

A remote code execution vulnerability exists in the Guardian Gryphon WiFi access point, specifically in firmware version 01.06.0006.22. The device does not properly validate TLS certificates. An attacker who can intercept the device's communications can therefore inject malicious code into a client application, which the access point then executes with root privileges.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the affected device, with the executed code running as the root user.

Reproduction

The vulnerability can be reproduced by intercepting the TLS connection between the Gryphon Guardian access point and the server hosting the speedtest client. This can be done by spoofing DNS responses so that the traffic is redirected through an attacker's machine, where it can be intercepted and modified. Because the access point does not properly validate the certificate it is presented, a self-signed certificate is accepted, and payloads injected into the connection are executed by the access point as root.
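Mitigation sketch, added here as an example and not taken from the Gryphon firmware or the original advisory: it contrasts a client TLS context that accepts any certificate with one that verifies chain and hostname, and adds a pinned-digest check before a downloaded client would be run. The function names, the unvalidated context and the pinned SHA-256 control are assumptions made for illustration.

```python
import hashlib
import hmac
import ssl
import urllib.request


def unvalidated_context() -> ssl.SSLContext:
    """Constructed stand-in for a client that accepts any certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE     # self-signed certificates pass
    return ctx


def validated_context() -> ssl.SSLContext:
    """Chain and hostname verification against the system trust store."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_context(ctx: ssl.SSLContext) -> list[str]:
    """Return the validation gaps in a client TLS context."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain not verified")
    if not ctx.check_hostname:
        findings.append("hostname not checked")
    return findings


def digest_matches(payload: bytes, pinned_sha256: str) -> bool:
    """Second control: compare the download to a digest shipped in firmware."""
    actual = hashlib.sha256(payload).hexdigest()
    return hmac.compare_digest(actual, pinned_sha256.lower())


def fetch_client(url: str, pinned_sha256: str) -> bytes:
    """Download over validated TLS and refuse anything off the pinned digest."""
    ctx = validated_context()
    if audit_context(ctx):
        raise RuntimeError("refusing to download with a weakened TLS context")
    with urllib.request.urlopen(url, context=ctx, timeout=10) as resp:
        payload = resp.read()
    if not digest_matches(payload, pinned_sha256):
        raise ValueError("payload digest mismatch; not executing")
    return payload
```

With the validated context, a self-signed certificate presented by an interposed host fails the handshake, and the digest check still rejects a modified payload if TLS validation is ever weakened again.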

Added: Feb 17, 2026, 4:26 PM
Updated: Feb 17, 2026, 5:29 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 7.3
remediation: 0.0
relevance: 2.9
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.