CVE-2026-45432
GX Earth ONT Plaintext Credential Transmission Vulnerability
Publication date: 2026-06-04
Last updated on: 2026-06-04
Assigner: Indian Computer Emergency Response Team (CERT-In)
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-319 | The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in GX Earth ONT models because user credentials are transmitted in plaintext over HTTP in the device's web management interface.
A remote attacker can exploit this by intercepting network traffic to capture sensitive authentication information.
This could allow the attacker to gain unauthorized access to the targeted device.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability involves the transmission of user credentials in plaintext over HTTP, which can lead to interception of sensitive authentication information by remote attackers.
Such exposure of sensitive data could potentially violate common security requirements in standards and regulations like GDPR and HIPAA, which mandate protection of personal and sensitive information during transmission.
Unauthorized access resulting from this vulnerability may lead to breaches of confidentiality and integrity, further impacting compliance with these regulations.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized access to the affected GX Earth ONT device.
An attacker who intercepts the plaintext credentials could control or manipulate the device, potentially compromising network security.