VYPR

SY-GPON-1110-WDONT

by Syrotech

CVEs (10)

  • CVE-2024-41692HigJul 26, 2024
    risk 0.56cvss epss 0.00

    This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to presence of root terminal access on a serial interface without proper access control. An attacker with physical access could exploit this by accessing the root shell on the vulnerable system. Successful…

  • CVE-2024-41687HigJul 26, 2024
    risk 0.49cvss 7.5epss 0.00

    This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to transmission of password in plain text. A remote attacker could exploit this vulnerability by intercepting transmission within an HTTP session on the vulnerable system. Successful exploitation of this…

  • CVE-2024-41685HigJul 26, 2024
    risk 0.49cvss 7.5epss 0.01

    This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to missing HTTPOnly flag for the session cookies associated with the router's web management interface. An attacker with remote access could exploit this by intercepting transmission within an HTTP session on…

  • CVE-2024-41684MedJul 26, 2024
    risk 0.34cvss 5.3epss 0.00

    This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to missing secure flag for the session cookies associated with the router's web management interface. An attacker with remote access could exploit this by intercepting transmission within an HTTP session on the…

  • CVE-2024-41691MedJul 26, 2024
    risk 0.30cvss 4.6epss 0.00

    This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to storing of FTP credentials in plaintext within the SquashFS-root filesystem associated with the router's firmware. An attacker with physical access could exploit this by extracting the firmware and reverse…

  • CVE-2024-41690MedJul 26, 2024
    risk 0.30cvss 4.6epss 0.00

    This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to storing of default username and password credentials in plaintext within the router's firmware/ database. An attacker with physical access could exploit this by extracting the firmware and reverse engineer…

  • CVE-2024-41689MedJul 26, 2024
    risk 0.30cvss 4.6epss 0.00

    This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to unencrypted storing of WPA/ WPS credentials within the router's firmware/ database. An attacker with physical access could exploit this by extracting the firmware and reverse engineer the binary data to…

  • CVE-2024-41688MedJul 26, 2024
    risk 0.30cvss 4.6epss 0.00

    This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due lack of encryption in storing of usernames and passwords within the router's firmware/ database. An attacker with physical access could exploit this by extracting the firmware and reverse engineer the binary…

  • CVE-2024-41686LowJul 26, 2024
    risk 0.21cvss 3.3epss 0.00

    This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to improper implementation of password policies. A local attacker could exploit this by creating password that do not adhere to the defined security standards/policy on the vulnerable system. Successful…

  • CVE-2025-63729Nov 25, 2025
    risk 0.00cvss epss 0.00

    An issue was discovered in Syrotech SY-GPON-1110-WDONT SYRO_3.7L_3.1.02-240517 allowing attackers to exctract the SSL Private Key, CA Certificate, SSL Certificate, and Client Certificates in .pem format in firmware in etc folder.