CVE-2026-45433 PUBLISHED

Hardcoded Cryptographic Key Vulnerability in GX Earth ONT Models

Assigner: CERT-In
Reserved: 12.05.2026 Published: 04.06.2026 Updated: 04.06.2026

This vulnerability exists in GX Earth 2022 ONT models due to the presence of hardcoded RSA private key within the device firmware. A remote attacker could exploit this vulnerability by extracting the cryptographic private key from the firmware, which could lead to decryption of HTTPS traffic and Man-in-the-Middle (MITM) attacks on the targeted device.

Metrics

CVSS 4.0

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
CVSS Score: 8.7

Exploitability Metrics		Vulnerable System Impact Metrics		Subsequent System Impact Metrics
Attack Vector	Network	Confidentiality	High	Confidentiality	None
Attack Complexity	Low	Integrity	None	Integrity	None
Attack Requirements	None	Availability	None	Availability	None
Privileges Required	None
User Interaction	None

CVSS 4.0

Product Status

Vendor	GX INDIA
Product	GX Earth 2022
Versions	Default: unaffected Version version E2022 - 3.1.2A is affected Version version E2022 - 3.1.5AV is affected Version version E2022 - 1.1ASL is affected

Vendor	GX INDIA
Product	GX Earth 1010
Versions	Default: unaffected Version version E1010-1.1ASL is affected

Solutions

Upgrade GX Earth 2022 to latest firmware version E2022-3.1.5A, E2022-3.1.8AV or E2022-1.2ASL.

Upgrade GX Earth 1010 to latest firmware version E1010-1.2ASL

Credits

This vulnerability is reported by Anmol Bakshi. finder

References

https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2026-0288

Problem Types

CWE-321 Use of hard-coded cryptographic key CWE