CRITICAL🇵🇱 Wersja polska

CVE-2025-63729

CVSS 9.0v3.1pub. 2025-11-25upd. 2025-12-30

An issue was discovered in Syrotech SY-GPON-1110-WDONT SYRO_3.7L_3.1.02-240517 allowing attackers to exctract the SSL Private Key, CA Certificate, SSL Certificate, and Client Certificates in .pem format in firmware in etc folder.

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
  • Syrotech Sy Gpon 1110 Wdont

    HW
    Syrotech
    3.7l
  • Syrotech Sy Gpon 1110 Wdont Firmware

    OS
    Syrotech
    3.1.02-240517
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-41691HIGH7.0ten sam produkt

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to storing of FTP credentials in plaintext...

CVE-2024-41687HIGH8.6ten sam produkt

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to transmission of password in plain text....

CVE-2024-41688HIGH7.0ten sam produkt

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due lack of encryption in storing of usernames...

CVE-2024-41690HIGH7.0ten sam produkt

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to storing of default username and passwor...

CVE-2024-41686HIGH7.3ten sam produkt

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to improper implementation of password pol...