CVE-2026-11505

MEDIUM

GL.iNet XE3000 glnassys hard-coded key

Title source: cna

Description

A flaw has been found in GL.iNet A1300, AX1800, AXT1800, MT2500, MT3000, MT6000, X3000 and XE3000 4.8.x. This affects an unknown function of the component glnassys. Executing a manipulation can lead to use of hard-coded cryptographic key . The attack may be launched remotely. The attack requires a high level of complexity. The exploitability is reported as difficult. Upgrading to version 4.9.0 mitigates this issue. Upgrading the affected component is advised.

References (6)

Core 6

Core References

Vdb Entry vdb-entry

VDB-369125 | GL.iNet XE3000 glnassys hard-coded key

https://vuldb.com/vuln/369125

Signature, Permissions Required signature permissions-required

VDB-369125 | CTI Indicators (IOB, IOC, TTP)

https://vuldb.com/vuln/369125/cti

Third Party Advisory third-party-advisory

CVE-2026-11505 | CVE Analysis and Report

https://vuldb.com/cve/CVE-2026-11505

Third Party Advisory third-party-advisory

Submit #835698 | GL.iNet Router 4.8.x unauthorized

https://vuldb.com/submit/835698

View Writeup ZIP pw:eip

Patch patch

https://cloud-static-test.gl-inet.cn/security/openwrt-ipq60xx-glinet_ax1800-squashfs-sysupgrade.tar

Scores

CVSS v3 5.0

EPSS 0.0019

EPSS Percentile 8.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-320 CWE-321

Status published

Products (16)

GL.iNet/A1300 4.8.*

GL.iNet/A1300 4.9.0

GL.iNet/AX1800 4.8.*

GL.iNet/AX1800 4.9.0

GL.iNet/AXT1800 4.8.*

GL.iNet/AXT1800 4.9.0

GL.iNet/MT2500 4.8.*

GL.iNet/MT2500 4.9.0

GL.iNet/MT3000 4.8.*

GL.iNet/MT3000 4.9.0

... and 6 more

Published Jun 08, 2026

Tracked Since Jun 08, 2026