CVE-2026-45431

HIGH

GX Earth ONT Models - Authenticated OS Command Injection

Title source: manual

Description

This vulnerability exists in GX Earth ONT models due to improper handling of user-supplied input in multiple diagnostic functions in its web management interface. An authenticated remote attacker could exploit this vulnerability by injecting arbitrary and executing OS commands on the targeted device. Successful exploitation of this vulnerability could allow the attacker to perform remote code execution with root privileges on the targeted device.

References (1)

Core 1

Core References

Third Party Advisory third-party-advisory

https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2026-0288

Scores

CVSS v4 8.7

EPSS 0.0039

EPSS Percentile 30.4%

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-78

Status published

Products (4)

GX INDIA/GX Earth 1010 version E1010-1.1ASL

GX INDIA/GX Earth 2022 version E2022 - 1.1ASL

GX INDIA/GX Earth 2022 version E2022 - 3.1.2A

GX INDIA/GX Earth 2022 version E2022 - 3.1.5AV

Published Jun 04, 2026

Tracked Since Jun 04, 2026