CVE-2026-45432
Deferred Deferred - Pending Action
GX Earth ONT Plaintext Credential Transmission Vulnerability

Publication date: 2026-06-04

Last updated on: 2026-06-04

Assigner: Indian Computer Emergency Response Team (CERT-In)

Description
This vulnerability exists in GX Earth ONT models due to the transmission of user credentials in plaintext over HTTP in its web management interface. A remote attacker could exploit this vulnerability by intercepting network traffic to obtain sensitive authentication information, which could lead to unauthorized access to the targeted device.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-04
Last Modified
2026-06-04
Generated
2026-06-24
AI Q&A
2026-06-04
EPSS Evaluated
2026-06-23
NVD
CVE-2026-45432
EUVD
EUVD-2026-34250
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-319 The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in GX Earth ONT models because user credentials are transmitted in plaintext over HTTP in the device's web management interface.

A remote attacker can exploit this by intercepting network traffic to capture sensitive authentication information.

This could allow the attacker to gain unauthorized access to the targeted device.

Impact Analysis

The vulnerability can lead to unauthorized access to the affected GX Earth ONT device.

An attacker who intercepts the plaintext credentials could control or manipulate the device, potentially compromising network security.

Compliance Impact

This vulnerability involves the transmission of user credentials in plaintext over HTTP, which can lead to interception of sensitive authentication information by remote attackers.

Such exposure of sensitive data could potentially violate common security requirements in standards and regulations like GDPR and HIPAA, which mandate protection of personal and sensitive information during transmission.

Unauthorized access resulting from this vulnerability may lead to breaches of confidentiality and integrity, further impacting compliance with these regulations.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-45432. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart