Home

Description

This vulnerability exists in the Syrotech SY-GPON-2010-WADONT router due to improper access control in its FTP service. A remote attacker could exploit this vulnerability by establishing an FTP connection using default credentials, potentially gaining unauthorized access to configuration files, user credentials, or other sensitive information stored on the targeted device.

PUBLISHED Reserved 2025-09-25 | Published 2025-09-25 | Updated 2025-09-25 | Assigner CERT-In




HIGH: 8.7CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-284: Improper Access Control

Product status

Default status
unaffected

V2.1.05-210329
affected

Credits

This vulnerability is reported by Jahit Hoque. finder

References

www.cert-in.org.in/...eid=PUBVLNOTES01&VLCODE=CIVN-2025-0223 third-party-advisory

cve.org (CVE-2025-10957)

nvd.nist.gov (CVE-2025-10957)

Download JSON