CVE-2025-63729
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-11-25
Last updated on: 2025-12-30
Assigner: MITRE
Description
Description
An issue was discovered in Syrotech SY-GPON-1110-WDONT SYRO_3.7L_3.1.02-240517 allowing attackers to exctract the SSL Private Key, CA Certificate, SSL Certificate, and Client Certificates in .pem format in firmware in etc folder.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| syrotech | sy-gpon-1110-wdont_firmware | 3.1.02-240517 |
| syrotech | sy-gpon-1110-wdont | 3.7l |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-312 | The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere. |
| CWE-532 | The product writes sensitive information to a log file. |
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Syrotech SY-GPON-1110-WDONT firmware allows attackers to extract sensitive cryptographic materials such as the SSL Private Key, CA Certificate, SSL Certificate, and Client Certificates in .pem format from the firmware's etc folder.
How can this vulnerability impact me? :
An attacker who exploits this vulnerability can obtain private keys and certificates, potentially enabling them to decrypt secure communications, impersonate the device or trusted entities, and compromise the confidentiality and integrity of data.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70