CVE-2025-10957: CWE-284: Improper Access Control in Syrotech Networks Syrotech SY-GPON-2010-WADONT
This vulnerability exists in the Syrotech SY-GPON-2010-WADONT router due to improper access control in its FTP service. A remote attacker could exploit this vulnerability by establishing an FTP connection using default credentials, potentially gaining unauthorized access to configuration files, user credentials, or other sensitive information stored on the targeted device.
AI Analysis
Technical Summary
CVE-2025-10957 is a high-severity vulnerability affecting the Syrotech SY-GPON-2010-WADONT router, specifically in its FTP service due to improper access control (CWE-284). The vulnerability arises because the device allows remote attackers to establish an FTP connection using default credentials without sufficient authentication or access restrictions. This flaw enables unauthorized remote access to sensitive resources such as configuration files and user credentials stored on the device. The vulnerability is present in version V2.1.05-210329 of the product. The CVSS 4.0 base score is 8.7, reflecting a network attack vector (AV:N), low attack complexity (AC:L), low privileges required (PR:L), which the default credentials satisfy, no user interaction (UI:N), and high impact on confidentiality, integrity, and availability (VC:H, VI:H, VA:H). Exploitation does not require user interaction or advanced privileges, making it relatively easy for remote attackers to leverage this flaw. Although no known exploits are currently reported in the wild, the vulnerability poses a significant risk due to the sensitive nature of the data accessible via FTP and the potential for attackers to manipulate device configurations or gain further network access. The lack of available patches at the time of publication increases the urgency for mitigation.
Potential Impact
For European organizations, this vulnerability could lead to severe consequences including unauthorized disclosure of sensitive network configuration data and user credentials, which could facilitate further lateral movement or persistent access within corporate or service provider networks. Given that GPON routers are often deployed by ISPs and enterprises for broadband access, exploitation could disrupt service availability or compromise customer data privacy, violating GDPR requirements. The integrity of network configurations could be undermined, potentially allowing attackers to redirect traffic, intercept communications, or launch further attacks. The availability impact could manifest as denial of service if attackers modify or corrupt device settings. The exposure of credentials and configuration files also increases the risk of supply chain attacks or targeted espionage, especially for organizations relying on Syrotech hardware in critical infrastructure sectors.
Mitigation Recommendations
Organizations should immediately audit their networks to identify any Syrotech SY-GPON-2010-WADONT devices running the affected firmware version V2.1.05-210329. Until a vendor patch is available, it is critical to disable or restrict FTP access to these devices, ideally limiting it to trusted management networks or using VPN tunnels for remote access. Changing default credentials to strong, unique passwords is essential to prevent unauthorized FTP logins. Network segmentation should be enforced to isolate GPON routers from general user networks. Monitoring FTP traffic for unusual access patterns or brute-force attempts can provide early detection of exploitation attempts. Additionally, organizations should engage with Syrotech Networks for firmware updates or security advisories and plan for timely patch deployment once available. Implementing multi-factor authentication for device management interfaces, if supported, can further reduce risk. Finally, conducting regular security assessments and penetration tests focusing on network infrastructure devices will help identify and remediate similar vulnerabilities proactively.
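An added example (not part of the original advisory or any vendor tooling) of the FTP monitoring recommended above: it flags repeated failed logins, successful logins, and file transfers against inventoried devices when the source lies outside the management network. The record layout, addresses, file name, and threshold are assumptions constructed for illustration; adapt the parsing to whatever your network sensor emits.

```python
import ipaddress
from collections import Counter

# Assumptions (constructed for illustration, not taken from the advisory):
MGMT_NETS = [ipaddress.ip_network("10.20.0.0/24")]  # trusted management network
ONT_INVENTORY = {"192.0.2.10", "192.0.2.11"}         # audited affected devices
FAIL_THRESHOLD = 3                                   # 530 replies per source/device pair

# Constructed records: time, source, destination, FTP command, argument, reply code
SAMPLE_LOG = "\n".join("\t".join(r) for r in [
    ("2025-09-26T08:01:02Z", "10.20.0.5", "192.0.2.10", "PASS", "<hidden>", "230"),
    ("2025-09-26T09:14:30Z", "198.51.100.7", "192.0.2.11", "PASS", "<hidden>", "530"),
    ("2025-09-26T09:14:31Z", "198.51.100.7", "192.0.2.11", "PASS", "<hidden>", "530"),
    ("2025-09-26T09:14:33Z", "198.51.100.7", "192.0.2.11", "PASS", "<hidden>", "530"),
    ("2025-09-26T09:14:40Z", "198.51.100.7", "192.0.2.11", "PASS", "<hidden>", "230"),
    ("2025-09-26T09:14:52Z", "198.51.100.7", "192.0.2.11", "RETR", "config.bin", "226"),
    ("2025-09-26T09:20:00Z", "203.0.113.9", "192.0.2.50", "PASS", "<hidden>", "230"),
    ("truncated record",),
])

def is_trusted(src):
    """True if the source address belongs to a trusted management network."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in MGMT_NETS)

def analyze(log_text):
    """Return (time, rule, source, device) alerts for inventoried devices."""
    alerts, failures = [], Counter()
    for line in log_text.splitlines():
        parts = line.split("\t")
        if len(parts) != 6:
            continue  # skip malformed records instead of crashing
        ts, src, dst, cmd, _arg, code = parts
        if dst not in ONT_INVENTORY:
            continue  # only devices identified by the audit are in scope
        try:
            trusted = is_trusted(src)
        except ValueError:
            continue  # unparseable source address
        if cmd == "PASS" and code == "530":
            failures[(src, dst)] += 1
            if failures[(src, dst)] == FAIL_THRESHOLD:  # alert once per pair
                alerts.append((ts, "repeated-login-failures", src, dst))
        elif cmd == "PASS" and code == "230" and not trusted:
            alerts.append((ts, "login-from-untrusted-source", src, dst))
        elif cmd in ("RETR", "STOR") and code == "226" and not trusted:
            alerts.append((ts, f"file-transfer-{cmd.lower()}", src, dst))
    return alerts

if __name__ == "__main__":
    print(*analyze(SAMPLE_LOG), sep="\n")
```

A successful login from an untrusted source that follows a burst of failures on the same device is the sequence to escalate first, since it suggests the credentials in use were guessed or never changed.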
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: CERT-In
- Date Reserved: 2025-09-25T09:46:43.217Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68d52c18ed49a32d85cd570f
Added to database: 9/25/2025, 11:48:40 AM
Last enriched: 9/25/2025, 11:48:54 AM
Last updated: 9/26/2025, 10:10:16 AM