CVE-2026-45431 PUBLISHED

Command Injection Vulnerability in GX Earth ONT Models

Assigner: CERT-In
Reserved: 12.05.2026 Published: 04.06.2026 Updated: 04.06.2026

This vulnerability exists in GX Earth ONT models due to improper handling of user-supplied input in multiple diagnostic functions of the web management interface. An authenticated remote attacker could exploit this vulnerability by injecting and executing arbitrary OS commands on the targeted device.

Successful exploitation of this vulnerability could allow the attacker to perform remote code execution with root privileges on the targeted device.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CVSS Score: 8.7

Product Status

Vendor: GX INDIA
Product: GX Earth 2022
Versions: Default: unaffected
  • Version E2022 - 3.1.2A is affected
  • Version E2022 - 3.1.5AV is affected
  • Version E2022 - 1.1ASL is affected

Vendor: GX INDIA
Product: GX Earth 1010
Versions: Default: unaffected
  • Version E1010-1.1ASL is affected

Solutions

Upgrade GX Earth 2022 to the latest firmware version: E2022-3.1.5A, E2022-3.1.8AV or E2022-1.2ASL.

Upgrade GX Earth 1010 to the latest firmware version: E1010-1.2ASL.

Credits

  • This vulnerability is reported by Anmol Bakshi (finder).

Problem Types

  • CWE-78 Improper neutralization of special elements used in an OS command ('OS command injection')

Impacts

  • CAPEC-88 OS Command Injection