Sign-up

ID

VAR-202511-2817


CVE

CVE-2025-63729


DESCRIPTION

An issue was discovered in Syrotech SY-GPON-1110-WDONT SYRO_3.7L_3.1.02-240517 allowing attackers to exctract the SSL Private Key, CA Certificate, SSL Certificate, and Client Certificates in .pem format in firmware in etc folder.

Trust: 1.0

sources: NVD: CVE-2025-63729

AFFECTED PRODUCTS

vendor:syrotechmodel:sy-gpon-1110-wdontscope:eqversion:3.1.02-240517

Trust: 1.0

sources: NVD: CVE-2025-63729

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2025-63729
value: CRITICAL

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2025-63729
baseSeverity: CRITICAL
baseScore: 9.0
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.5
impactScore: 5.8
version: 3.1

Trust: 1.0

sources: NVD: CVE-2025-63729

PROBLEMTYPE DATA

problemtype:CWE-312

Trust: 1.0

problemtype:CWE-532

Trust: 1.0

problemtype:CWE-200

Trust: 1.0

sources: NVD: CVE-2025-63729

EXTERNAL IDS

db:NVDid:CVE-2025-63729

Trust: 1.0

sources: NVD: CVE-2025-63729

REFERENCES

url:https://github.com/yashodhanvivek/cve-2025-63729-syrotech-sy-gpon-1110-/blob/main/syrotech_sy-gpon-1110-wdont_security_assessment.pdf

Trust: 1.0

sources: NVD: CVE-2025-63729

SOURCES

db:NVDid:CVE-2025-63729

LAST UPDATE DATE

2026-01-14T23:53:00.518000+00:00


SOURCES UPDATE DATE

db:NVDid:CVE-2025-63729date:2025-12-30T17:17:23.387

SOURCES RELEASE DATE

db:NVDid:CVE-2025-63729date:2025-11-25T17:15:50.243