Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
6 vulnerabilities by GX INDIA
CVE-2026-45433 (GCVE-0-2026-45433)
Vulnerability from nvd – Published: 2026-06-04 12:13 – Updated: 2026-06-04 13:47
VLAI
Title
Hardcoded Cryptographic Key Vulnerability in GX Earth ONT Models
Summary
This vulnerability exists in GX Earth 2022 ONT models due to the presence of hardcoded RSA private key within the device firmware. A remote attacker could exploit this vulnerability by extracting the cryptographic private key from the firmware, which could lead to decryption of HTTPS traffic and Man-in-the-Middle (MITM) attacks on the targeted device.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-321 - Use of hard-coded cryptographic key
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.cert-in.org.in/s2cMainServlet?pageid=… | third-party-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| GX INDIA | GX Earth 2022 |
Affected:
version E2022 - 3.1.2A
Affected: version E2022 - 3.1.5AV Affected: version E2022 - 1.1ASL |
|
| GX INDIA | GX Earth 1010 |
Affected:
version E1010-1.1ASL
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-45433",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-04T13:47:42.792967Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-04T13:47:51.881Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "GX Earth 2022",
"vendor": "GX INDIA",
"versions": [
{
"status": "affected",
"version": "version E2022 - 3.1.2A"
},
{
"status": "affected",
"version": "version E2022 - 3.1.5AV"
},
{
"status": "affected",
"version": "version E2022 - 1.1ASL"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GX Earth 1010",
"vendor": "GX INDIA",
"versions": [
{
"status": "affected",
"version": "version E1010-1.1ASL"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gx_india:gx_earth_2022:version_e2022_-_3.1.2a:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gx_india:gx_earth_2022:version_e2022_-_3.1.5av:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gx_india:gx_earth_2022:version_e2022_-_1.1asl:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gx_india:gx_earth_1010:version_e1010-1.1asl:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "This vulnerability is reported by Anmol Bakshi."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This vulnerability exists in GX Earth 2022 ONT models due to the presence of hardcoded RSA private key within the device firmware. A remote attacker could exploit this vulnerability by extracting the cryptographic private key from the firmware, which could lead to decryption of HTTPS traffic and Man-in-the-Middle (MITM) attacks on the targeted device."
}
],
"value": "This vulnerability exists in GX Earth 2022 ONT models due to the presence of hardcoded RSA private key within the device firmware. A remote attacker could exploit this vulnerability by extracting the cryptographic private key from the firmware, which could lead to decryption of HTTPS traffic and Man-in-the-Middle (MITM) attacks on the targeted device."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "CWE-321 Use of hard-coded cryptographic key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-04T12:13:41.901Z",
"orgId": "66834db9-ab24-42b4-be80-296b2e40335c",
"shortName": "CERT-In"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01\u0026VLCODE=CIVN-2026-0288"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade GX Earth 2022 to latest firmware version E2022-3.1.5A, E2022-3.1.8AV or E2022-1.2ASL. \n\u003cbr\u003eUpgrade GX Earth 1010 to latest firmware version E1010-1.2ASL\u0026nbsp;\u003cbr\u003e"
}
],
"value": "Upgrade GX Earth 2022 to latest firmware version E2022-3.1.5A, E2022-3.1.8AV or E2022-1.2ASL. \n\nUpgrade GX Earth 1010 to latest firmware version E1010-1.2ASL"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Hardcoded Cryptographic Key Vulnerability in GX Earth ONT Models",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "66834db9-ab24-42b4-be80-296b2e40335c",
"assignerShortName": "CERT-In",
"cveId": "CVE-2026-45433",
"datePublished": "2026-06-04T12:13:41.901Z",
"dateReserved": "2026-05-12T07:31:47.898Z",
"dateUpdated": "2026-06-04T13:47:51.881Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-45432 (GCVE-0-2026-45432)
Vulnerability from nvd – Published: 2026-06-04 12:07 – Updated: 2026-06-04 13:22
VLAI
Title
Cleartext Transmission of Credentials Vulnerability in GX Earth ONT Models
Summary
This vulnerability exists in GX Earth ONT models due to the transmission of user credentials in plaintext over HTTP in its web management interface. A remote attacker could exploit this vulnerability by intercepting network traffic to obtain sensitive authentication information, which could lead to unauthorized access to the targeted device.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.cert-in.org.in/s2cMainServlet?pageid=… | third-party-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| GX INDIA | GX Earth 2022 |
Affected:
version E2022 - 3.1.2A
Affected: version E2022 - 3.1.5AV Affected: version E2022 - 1.1ASL |
|
| GX INDIA | GX Earth 1010 |
Affected:
version E1010-1.1ASL
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-45432",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-04T13:22:12.348687Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-04T13:22:25.536Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "GX Earth 2022",
"vendor": "GX INDIA",
"versions": [
{
"status": "affected",
"version": "version E2022 - 3.1.2A"
},
{
"status": "affected",
"version": "version E2022 - 3.1.5AV"
},
{
"status": "affected",
"version": "version E2022 - 1.1ASL"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GX Earth 1010",
"vendor": "GX INDIA",
"versions": [
{
"status": "affected",
"version": "version E1010-1.1ASL"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gx_india:gx_earth_2022:version_e2022_-_3.1.2a:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gx_india:gx_earth_2022:version_e2022_-_3.1.5av:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gx_india:gx_earth_2022:version_e2022_-_1.1asl:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gx_india:gx_earth_1010:version_e1010-1.1asl:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "This vulnerability is reported by Anmol Bakshi."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This vulnerability exists in GX Earth ONT models due to the transmission of user credentials in plaintext over HTTP in its web management interface. A remote attacker could exploit this vulnerability by intercepting network traffic to obtain sensitive authentication information, which could lead to unauthorized access to the targeted device."
}
],
"value": "This vulnerability exists in GX Earth ONT models due to the transmission of user credentials in plaintext over HTTP in its web management interface. A remote attacker could exploit this vulnerability by intercepting network traffic to obtain sensitive authentication information, which could lead to unauthorized access to the targeted device."
}
],
"impacts": [
{
"capecId": "CAPEC-117",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-117: Interception"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319: Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-04T12:07:31.670Z",
"orgId": "66834db9-ab24-42b4-be80-296b2e40335c",
"shortName": "CERT-In"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01\u0026VLCODE=CIVN-2026-0288"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade GX Earth 2022 to latest firmware version E2022-3.1.5A, E2022-3.1.8AV or E2022-1.2ASL. \n\u003cbr\u003eUpgrade GX Earth 1010 to latest firmware version E1010-1.2ASL\u0026nbsp;\u003cbr\u003e"
}
],
"value": "Upgrade GX Earth 2022 to latest firmware version E2022-3.1.5A, E2022-3.1.8AV or E2022-1.2ASL. \n\nUpgrade GX Earth 1010 to latest firmware version E1010-1.2ASL"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Cleartext Transmission of Credentials Vulnerability in GX Earth ONT Models",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "66834db9-ab24-42b4-be80-296b2e40335c",
"assignerShortName": "CERT-In",
"cveId": "CVE-2026-45432",
"datePublished": "2026-06-04T12:07:31.670Z",
"dateReserved": "2026-05-12T07:31:47.898Z",
"dateUpdated": "2026-06-04T13:22:25.536Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-45431 (GCVE-0-2026-45431)
Vulnerability from nvd – Published: 2026-06-04 12:04 – Updated: 2026-06-04 13:25
VLAI
Title
Command Injection Vulnerability in GX Earth ONT Models
Summary
This vulnerability exists in GX Earth ONT models due to improper handling of user-supplied input in multiple diagnostic functions in its web management interface. An authenticated remote attacker could exploit this vulnerability by injecting arbitrary and executing OS commands on the targeted device.
Successful exploitation of this vulnerability could allow the attacker to perform remote code execution with root privileges on the targeted device.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper neutralization of special elements used in an OS command ('OS command injection')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.cert-in.org.in/s2cMainServlet?pageid=… | third-party-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| GX INDIA | GX Earth 2022 |
Affected:
version E2022 - 3.1.2A
Affected: version E2022 - 3.1.5AV Affected: version E2022 - 1.1ASL |
|
| GX INDIA | GX Earth 1010 |
Affected:
version E1010-1.1ASL
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-45431",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-04T13:24:47.937680Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-04T13:25:09.892Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "GX Earth 2022",
"vendor": "GX INDIA",
"versions": [
{
"status": "affected",
"version": "version E2022 - 3.1.2A"
},
{
"status": "affected",
"version": "version E2022 - 3.1.5AV"
},
{
"status": "affected",
"version": "version E2022 - 1.1ASL"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GX Earth 1010",
"vendor": "GX INDIA",
"versions": [
{
"status": "affected",
"version": "version E1010-1.1ASL"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gx_india:gx_earth_2022:version_e2022_-_3.1.2a:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gx_india:gx_earth_2022:version_e2022_-_3.1.5av:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gx_india:gx_earth_2022:version_e2022_-_1.1asl:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gx_india:gx_earth_1010:version_e1010-1.1asl:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "This vulnerability is reported by Anmol Bakshi."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This vulnerability exists in GX Earth ONT models due to improper handling of user-supplied input in multiple diagnostic functions in its web management interface. An authenticated remote attacker could exploit this vulnerability by injecting arbitrary and executing OS commands on the targeted device.\n\u003cbr\u003e\t\n\u003cbr\u003eSuccessful exploitation of this vulnerability could allow the attacker to perform remote code execution with root privileges on the targeted device.\u0026nbsp;\u003cbr\u003e"
}
],
"value": "This vulnerability exists in GX Earth ONT models due to improper handling of user-supplied input in multiple diagnostic functions in its web management interface. An authenticated remote attacker could exploit this vulnerability by injecting arbitrary and executing OS commands on the targeted device.\n\n\t\n\nSuccessful exploitation of this vulnerability could allow the attacker to perform remote code execution with root privileges on the targeted device."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper neutralization of special elements used in an OS command (\u0027OS command injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-04T12:04:09.597Z",
"orgId": "66834db9-ab24-42b4-be80-296b2e40335c",
"shortName": "CERT-In"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01\u0026VLCODE=CIVN-2026-0288"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade GX Earth 2022 to latest firmware version E2022-3.1.5A, E2022-3.1.8AV or E2022-1.2ASL. \n\u003cbr\u003eUpgrade GX Earth 1010 to latest firmware version E1010-1.2ASL\u0026nbsp;\u003cbr\u003e"
}
],
"value": "Upgrade GX Earth 2022 to latest firmware version E2022-3.1.5A, E2022-3.1.8AV or E2022-1.2ASL. \n\nUpgrade GX Earth 1010 to latest firmware version E1010-1.2ASL"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Command Injection Vulnerability in GX Earth ONT Models",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "66834db9-ab24-42b4-be80-296b2e40335c",
"assignerShortName": "CERT-In",
"cveId": "CVE-2026-45431",
"datePublished": "2026-06-04T12:04:09.597Z",
"dateReserved": "2026-05-12T07:31:47.897Z",
"dateUpdated": "2026-06-04T13:25:09.892Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-45433 (GCVE-0-2026-45433)
Vulnerability from cvelistv5 – Published: 2026-06-04 12:13 – Updated: 2026-06-04 13:47
VLAI
Title
Hardcoded Cryptographic Key Vulnerability in GX Earth ONT Models
Summary
This vulnerability exists in GX Earth 2022 ONT models due to the presence of hardcoded RSA private key within the device firmware. A remote attacker could exploit this vulnerability by extracting the cryptographic private key from the firmware, which could lead to decryption of HTTPS traffic and Man-in-the-Middle (MITM) attacks on the targeted device.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-321 - Use of hard-coded cryptographic key
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.cert-in.org.in/s2cMainServlet?pageid=… | third-party-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| GX INDIA | GX Earth 2022 |
Affected:
version E2022 - 3.1.2A
Affected: version E2022 - 3.1.5AV Affected: version E2022 - 1.1ASL |
|
| GX INDIA | GX Earth 1010 |
Affected:
version E1010-1.1ASL
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-45433",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-04T13:47:42.792967Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-04T13:47:51.881Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "GX Earth 2022",
"vendor": "GX INDIA",
"versions": [
{
"status": "affected",
"version": "version E2022 - 3.1.2A"
},
{
"status": "affected",
"version": "version E2022 - 3.1.5AV"
},
{
"status": "affected",
"version": "version E2022 - 1.1ASL"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GX Earth 1010",
"vendor": "GX INDIA",
"versions": [
{
"status": "affected",
"version": "version E1010-1.1ASL"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gx_india:gx_earth_2022:version_e2022_-_3.1.2a:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gx_india:gx_earth_2022:version_e2022_-_3.1.5av:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gx_india:gx_earth_2022:version_e2022_-_1.1asl:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gx_india:gx_earth_1010:version_e1010-1.1asl:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "This vulnerability is reported by Anmol Bakshi."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This vulnerability exists in GX Earth 2022 ONT models due to the presence of hardcoded RSA private key within the device firmware. A remote attacker could exploit this vulnerability by extracting the cryptographic private key from the firmware, which could lead to decryption of HTTPS traffic and Man-in-the-Middle (MITM) attacks on the targeted device."
}
],
"value": "This vulnerability exists in GX Earth 2022 ONT models due to the presence of hardcoded RSA private key within the device firmware. A remote attacker could exploit this vulnerability by extracting the cryptographic private key from the firmware, which could lead to decryption of HTTPS traffic and Man-in-the-Middle (MITM) attacks on the targeted device."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "CWE-321 Use of hard-coded cryptographic key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-04T12:13:41.901Z",
"orgId": "66834db9-ab24-42b4-be80-296b2e40335c",
"shortName": "CERT-In"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01\u0026VLCODE=CIVN-2026-0288"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade GX Earth 2022 to latest firmware version E2022-3.1.5A, E2022-3.1.8AV or E2022-1.2ASL. \n\u003cbr\u003eUpgrade GX Earth 1010 to latest firmware version E1010-1.2ASL\u0026nbsp;\u003cbr\u003e"
}
],
"value": "Upgrade GX Earth 2022 to latest firmware version E2022-3.1.5A, E2022-3.1.8AV or E2022-1.2ASL. \n\nUpgrade GX Earth 1010 to latest firmware version E1010-1.2ASL"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Hardcoded Cryptographic Key Vulnerability in GX Earth ONT Models",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "66834db9-ab24-42b4-be80-296b2e40335c",
"assignerShortName": "CERT-In",
"cveId": "CVE-2026-45433",
"datePublished": "2026-06-04T12:13:41.901Z",
"dateReserved": "2026-05-12T07:31:47.898Z",
"dateUpdated": "2026-06-04T13:47:51.881Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-45432 (GCVE-0-2026-45432)
Vulnerability from cvelistv5 – Published: 2026-06-04 12:07 – Updated: 2026-06-04 13:22
VLAI
Title
Cleartext Transmission of Credentials Vulnerability in GX Earth ONT Models
Summary
This vulnerability exists in GX Earth ONT models due to the transmission of user credentials in plaintext over HTTP in its web management interface. A remote attacker could exploit this vulnerability by intercepting network traffic to obtain sensitive authentication information, which could lead to unauthorized access to the targeted device.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.cert-in.org.in/s2cMainServlet?pageid=… | third-party-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| GX INDIA | GX Earth 2022 |
Affected:
version E2022 - 3.1.2A
Affected: version E2022 - 3.1.5AV Affected: version E2022 - 1.1ASL |
|
| GX INDIA | GX Earth 1010 |
Affected:
version E1010-1.1ASL
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-45432",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-04T13:22:12.348687Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-04T13:22:25.536Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "GX Earth 2022",
"vendor": "GX INDIA",
"versions": [
{
"status": "affected",
"version": "version E2022 - 3.1.2A"
},
{
"status": "affected",
"version": "version E2022 - 3.1.5AV"
},
{
"status": "affected",
"version": "version E2022 - 1.1ASL"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GX Earth 1010",
"vendor": "GX INDIA",
"versions": [
{
"status": "affected",
"version": "version E1010-1.1ASL"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gx_india:gx_earth_2022:version_e2022_-_3.1.2a:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gx_india:gx_earth_2022:version_e2022_-_3.1.5av:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gx_india:gx_earth_2022:version_e2022_-_1.1asl:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gx_india:gx_earth_1010:version_e1010-1.1asl:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "This vulnerability is reported by Anmol Bakshi."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This vulnerability exists in GX Earth ONT models due to the transmission of user credentials in plaintext over HTTP in its web management interface. A remote attacker could exploit this vulnerability by intercepting network traffic to obtain sensitive authentication information, which could lead to unauthorized access to the targeted device."
}
],
"value": "This vulnerability exists in GX Earth ONT models due to the transmission of user credentials in plaintext over HTTP in its web management interface. A remote attacker could exploit this vulnerability by intercepting network traffic to obtain sensitive authentication information, which could lead to unauthorized access to the targeted device."
}
],
"impacts": [
{
"capecId": "CAPEC-117",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-117: Interception"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319: Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-04T12:07:31.670Z",
"orgId": "66834db9-ab24-42b4-be80-296b2e40335c",
"shortName": "CERT-In"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01\u0026VLCODE=CIVN-2026-0288"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade GX Earth 2022 to latest firmware version E2022-3.1.5A, E2022-3.1.8AV or E2022-1.2ASL. \n\u003cbr\u003eUpgrade GX Earth 1010 to latest firmware version E1010-1.2ASL\u0026nbsp;\u003cbr\u003e"
}
],
"value": "Upgrade GX Earth 2022 to latest firmware version E2022-3.1.5A, E2022-3.1.8AV or E2022-1.2ASL. \n\nUpgrade GX Earth 1010 to latest firmware version E1010-1.2ASL"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Cleartext Transmission of Credentials Vulnerability in GX Earth ONT Models",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "66834db9-ab24-42b4-be80-296b2e40335c",
"assignerShortName": "CERT-In",
"cveId": "CVE-2026-45432",
"datePublished": "2026-06-04T12:07:31.670Z",
"dateReserved": "2026-05-12T07:31:47.898Z",
"dateUpdated": "2026-06-04T13:22:25.536Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-45431 (GCVE-0-2026-45431)
Vulnerability from cvelistv5 – Published: 2026-06-04 12:04 – Updated: 2026-06-04 13:25
VLAI
Title
Command Injection Vulnerability in GX Earth ONT Models
Summary
This vulnerability exists in GX Earth ONT models due to improper handling of user-supplied input in multiple diagnostic functions in its web management interface. An authenticated remote attacker could exploit this vulnerability by injecting arbitrary and executing OS commands on the targeted device.
Successful exploitation of this vulnerability could allow the attacker to perform remote code execution with root privileges on the targeted device.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper neutralization of special elements used in an OS command ('OS command injection')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.cert-in.org.in/s2cMainServlet?pageid=… | third-party-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| GX INDIA | GX Earth 2022 |
Affected:
version E2022 - 3.1.2A
Affected: version E2022 - 3.1.5AV Affected: version E2022 - 1.1ASL |
|
| GX INDIA | GX Earth 1010 |
Affected:
version E1010-1.1ASL
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-45431",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-04T13:24:47.937680Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-04T13:25:09.892Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "GX Earth 2022",
"vendor": "GX INDIA",
"versions": [
{
"status": "affected",
"version": "version E2022 - 3.1.2A"
},
{
"status": "affected",
"version": "version E2022 - 3.1.5AV"
},
{
"status": "affected",
"version": "version E2022 - 1.1ASL"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GX Earth 1010",
"vendor": "GX INDIA",
"versions": [
{
"status": "affected",
"version": "version E1010-1.1ASL"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gx_india:gx_earth_2022:version_e2022_-_3.1.2a:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gx_india:gx_earth_2022:version_e2022_-_3.1.5av:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gx_india:gx_earth_2022:version_e2022_-_1.1asl:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gx_india:gx_earth_1010:version_e1010-1.1asl:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "This vulnerability is reported by Anmol Bakshi."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This vulnerability exists in GX Earth ONT models due to improper handling of user-supplied input in multiple diagnostic functions in its web management interface. An authenticated remote attacker could exploit this vulnerability by injecting arbitrary and executing OS commands on the targeted device.\n\u003cbr\u003e\t\n\u003cbr\u003eSuccessful exploitation of this vulnerability could allow the attacker to perform remote code execution with root privileges on the targeted device.\u0026nbsp;\u003cbr\u003e"
}
],
"value": "This vulnerability exists in GX Earth ONT models due to improper handling of user-supplied input in multiple diagnostic functions in its web management interface. An authenticated remote attacker could exploit this vulnerability by injecting arbitrary and executing OS commands on the targeted device.\n\n\t\n\nSuccessful exploitation of this vulnerability could allow the attacker to perform remote code execution with root privileges on the targeted device."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper neutralization of special elements used in an OS command (\u0027OS command injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-04T12:04:09.597Z",
"orgId": "66834db9-ab24-42b4-be80-296b2e40335c",
"shortName": "CERT-In"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01\u0026VLCODE=CIVN-2026-0288"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade GX Earth 2022 to latest firmware version E2022-3.1.5A, E2022-3.1.8AV or E2022-1.2ASL. \n\u003cbr\u003eUpgrade GX Earth 1010 to latest firmware version E1010-1.2ASL\u0026nbsp;\u003cbr\u003e"
}
],
"value": "Upgrade GX Earth 2022 to latest firmware version E2022-3.1.5A, E2022-3.1.8AV or E2022-1.2ASL. \n\nUpgrade GX Earth 1010 to latest firmware version E1010-1.2ASL"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Command Injection Vulnerability in GX Earth ONT Models",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "66834db9-ab24-42b4-be80-296b2e40335c",
"assignerShortName": "CERT-In",
"cveId": "CVE-2026-45431",
"datePublished": "2026-06-04T12:04:09.597Z",
"dateReserved": "2026-05-12T07:31:47.897Z",
"dateUpdated": "2026-06-04T13:25:09.892Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}