Rahul Giri

**Name of the Vulnerable Software and Affected Versions** SyroTech SY-GPON-1110-WDONT Router (affected versions not specified) **Description** This issue exists due to the unencrypted storage of WPA/WPS credentials within the router's firmware/database. An attacker with physical access could exploit this by extracting the firmware and reverse-engineering the binary data to access the plaintext WPA/WPS credentials. Successful exploitation could allow the attacker to bypass WPA/WPS and gain access to the Wi-Fi network of the targeted system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SyroTech SY-GPON-1110-WDONT Router (affected versions not specified) **Description** The issue arises from the improper implementation of password policies. A local attacker could exploit this by creating passwords that do not adhere to the defined security standards or policy on the vulnerable system. Successful exploitation could allow the attacker to expose the router to potential security threats. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SyroTech SY-GPON-1110-WDONT Router (affected versions not specified) **Description** The issue exists due to the presence of root terminal access on a serial interface without proper access control. An attacker with physical access could exploit this by accessing the root shell on the vulnerable system. Successful exploitation could allow the attacker to execute arbitrary commands with root privileges on the targeted system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SyroTech SY-GPON-1110-WDONT Router (affected versions not specified) **Description** The issue arises from a missing secure flag for session cookies associated with the router's web management interface. An attacker with remote access could exploit this by intercepting transmission within an HTTP session on the vulnerable system. Successful exploitation could allow the attacker to capture cookies and compromise the targeted system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SyroTech SY-GPON-1110-WDONT Router (affected versions not specified) **Description** This issue exists due to the storage of default `username` and `password` credentials in plaintext within the router's firmware/database. An attacker with physical access could exploit this by extracting the firmware and reverse-engineering the binary data to access the plaintext default credentials. Successful exploitation could allow the attacker to gain unauthorized access to the targeted system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SyroTech SY-GPON-1110-WDONT Router (affected versions not specified) **Description** This issue exists due to the storage of FTP credentials in plaintext within the SquashFS-root filesystem associated with the router's firmware. An attacker with physical access could exploit this by extracting the firmware and reverse engineering the binary data to access the plaintext FTP credentials. Successful exploitation could allow the attacker to gain unauthorized access to the FTP server associated with the targeted system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SyroTech SY-GPON-1110-WDONT Router (affected versions not specified) **Description** This issue is related to the lack of encryption in storing usernames and passwords within the router's firmware/database. An attacker with physical access could exploit this by extracting the firmware and reverse engineering the binary data to access the plaintext credentials on the vulnerable system. Successful exploitation could allow the attacker to gain unauthorized access to the targeted system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.