Men in the middle attack is possible through CSRF
CVE-2020-23587 OPTILINK E-PON "MODEL NO: OP-XT71000N" with "HARDWARE VERSION: V22"; & "FIRMWARE VERSION: OP_V331-191028" A vulnerability found in the "OPTILINK OP-XT71000N Hardware Version: V22 , Firmware Version: OP_V331-191028" allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack