CVE-2026-45432
Deferred Deferred - Pending Action

GX Earth ONT Plaintext Credential Transmission Vulnerability

Vulnerability report for CVE-2026-45432, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-04

Last updated on: 2026-06-04

Assigner: Indian Computer Emergency Response Team (CERT-In)

Description

This vulnerability exists in GX Earth ONT models due to the transmission of user credentials in plaintext over HTTP in its web management interface. A remote attacker could exploit this vulnerability by intercepting network traffic to obtain sensitive authentication information, which could lead to unauthorized access to the targeted device.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-04
Last Modified
2026-06-04
Generated
2026-07-14
AI Q&A
2026-06-04
EPSS Evaluated
2026-07-13
NVD
EUVD

Affected Vendors & Products

Currently, no data is known.

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-319 The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in GX Earth ONT models because user credentials are transmitted in plaintext over HTTP in the device's web management interface.

A remote attacker can exploit this by intercepting network traffic to capture sensitive authentication information.

This could allow the attacker to gain unauthorized access to the targeted device.

Compliance Impact

This vulnerability involves the transmission of user credentials in plaintext over HTTP, which can lead to interception of sensitive authentication information by remote attackers.

Such exposure of sensitive data could potentially violate common security requirements in standards and regulations like GDPR and HIPAA, which mandate protection of personal and sensitive information during transmission.

Unauthorized access resulting from this vulnerability may lead to breaches of confidentiality and integrity, further impacting compliance with these regulations.

Impact Analysis

The vulnerability can lead to unauthorized access to the affected GX Earth ONT device.

An attacker who intercepts the plaintext credentials could control or manipulate the device, potentially compromising network security.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-45432. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart