Improper Access Control in Syrotech Router's FTP Service
CVE-2025-10957

8.7HIGH

Key Information:

Vendor: Syrotech Networks
Status: Syrotech Sy-gpon-2010-wadont
Vendor: CVE Published:; 25 September 2025

🔔 Create Syrotech Networks Vulnerability Alert

What is CVE-2025-10957?

The Syrotech SY-GPON-2010-WADONT router exhibits a vulnerability rooted in improper access control related to its FTP service. This weakness allows remote attackers to exploit the router by connecting to the FTP interface using default credentials. Once accessed, an attacker could potentially retrieve sensitive information, including configuration files and user credentials, thus compromising the device's integrity and confidentiality.

Affected Version(s)

Syrotech SY-GPON-2010-WADONT V2.1.05-210329

References

https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOT...

third-party-advisory

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 25, 2025
Vulnerability Reserved
Sep 25, 2025

Credit

This vulnerability is reported by Jahit Hoque.

JSON