CVE-2026-45432 PUBLISHED

Cleartext Transmission of Credentials Vulnerability in GX Earth ONT Models

Assigner: CERT-In
Reserved: 12.05.2026 Published: 04.06.2026 Updated: 04.06.2026

This vulnerability exists in GX Earth ONT models due to the transmission of user credentials in plaintext over HTTP in its web management interface. A remote attacker could exploit this vulnerability by intercepting network traffic to obtain sensitive authentication information, which could lead to unauthorized access to the targeted device.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
CVSS Score: 8.7

Product Status

Vendor GX INDIA
Product GX Earth 2022
Versions Default: unaffected
  • Version version E2022 - 3.1.2A is affected
  • Version version E2022 - 3.1.5AV is affected
  • Version version E2022 - 1.1ASL is affected
Vendor GX INDIA
Product GX Earth 1010
Versions Default: unaffected
  • Version version E1010-1.1ASL is affected

Solutions

Upgrade GX Earth 2022 to latest firmware version E2022-3.1.5A, E2022-3.1.8AV or E2022-1.2ASL.

Upgrade GX Earth 1010 to latest firmware version E1010-1.2ASL

Credits

  • This vulnerability is reported by Anmol Bakshi. finder

References

Problem Types

  • CWE-319: Cleartext Transmission of Sensitive Information CWE

Impacts

  • CAPEC-117: Interception