CVE-2026-11505 PUBLISHED

GL.iNet XE3000 glnassys hard-coded key

Assigner: VulDB
Reserved: 07.06.2026 Published: 08.06.2026 Updated: 08.06.2026

A flaw has been found in GL.iNet A1300, AX1800, AXT1800, MT2500, MT3000, MT6000, X3000 and XE3000 4.8.x. It affects an unknown function of the component glnassys. Manipulation can lead to the use of a hard-coded cryptographic key. The attack may be launched remotely, but it requires a high level of complexity, and exploitability is reported as difficult. Upgrading to version 4.9.0 mitigates this issue; upgrading the affected component is advised.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X
CVSS Score: 2.3

Product Status

Vendor GL.iNet
Product A1300
Versions
  • Version 4.8.* is affected
  • Version 4.9.0 is unaffected
Vendor GL.iNet
Product AX1800
Versions
  • Version 4.8.* is affected
  • Version 4.9.0 is unaffected
Vendor GL.iNet
Product AXT1800
Versions
  • Version 4.8.* is affected
  • Version 4.9.0 is unaffected
Vendor GL.iNet
Product MT2500
Versions
  • Version 4.8.* is affected
  • Version 4.9.0 is unaffected
Vendor GL.iNet
Product MT3000
Versions
  • Version 4.8.* is affected
  • Version 4.9.0 is unaffected
Vendor GL.iNet
Product MT6000
Versions
  • Version 4.8.* is affected
  • Version 4.9.0 is unaffected
Vendor GL.iNet
Product X3000
Versions
  • Version 4.8.* is affected
  • Version 4.9.0 is unaffected
Vendor GL.iNet
Product XE3000
Versions
  • Version 4.8.* is affected
  • Version 4.9.0 is unaffected

Credits

  • GLiNet (VulDB User) reporter

Problem Types

  • Use of Hard-coded Cryptographic Key CWE
  • Key Management Error CWE