Description
This vulnerability exists in the Syrotech SY-GPON-2010-WADONT router due to improper access control in its FTP service. A remote attacker could exploit this vulnerability by establishing an FTP connection using default credentials, potentially gaining unauthorized access to configuration files, user credentials, or other sensitive information stored on the targeted device.
References (1)
Core 1
Core References
Various Sources third-party-advisory
https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2025-0223
Scores
CVSS v4
8.7
EPSS
0.0030
EPSS Percentile
21.4%
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-284
Status
published
Products (1)
Syrotech Networks/Syrotech SY-GPON-2010-WADONT
V2.1.05-210329
Published
Sep 25, 2025
Tracked Since
Feb 18, 2026