QSearchQSearch

CVE-2026-45433

This vulnerability exists in GX Earth 2022 ONT models due to the presence of hardcoded RSA private key within the device firmware

Published: 2026-06-04 · Last updated: 2026-06-04

Severity and scoring

CWE
CWE-321

Description

This vulnerability exists in GX Earth 2022 ONT models due to the presence of hardcoded RSA private key within the device firmware. A remote attacker could exploit this vulnerability by extracting the cryptographic private key from the firmware, which could lead to decryption of HTTPS traffic and Man-in-the-Middle (MITM) attacks on the targeted device.

Source: NVD

References

Related CVEs

Same CWE

  • CVE-2026-11505 A flaw has been found in GL.iNet A1300, AX1800, AXT1800, MT2500, MT3000, MT6000, X3000 and XE3000 4.8.x (5.0 MEDIUM)
  • CVE-2026-46395 HAX CMS helps manage microsite universe with PHP or NodeJs backends
  • CVE-2026-11347 The linqi application contains hardcoded cryptographic keys
  • CVE-2026-50226 Fixed AES-128-CBC keys inside the AcerConnect OTA application let attackers forge authorization credentials for arbitrary IMEI numbers (5.3 MEDIUM)
  • CVE-2026-45041 RustFS is a distributed object storage system built in Rust