CVE 8.7 HIGH

Command Injection Vulnerability in GX Earth ONT Models_CVE-2026-45431

June 4, 2026 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

This vulnerability exists in GX Earth ONT models due to improper handling of user-supplied input in multiple diagnostic functions in its web management interface. An authenticated remote attacker could exploit this vulnerability by injecting arbitrary and executing OS commands on the targeted device.

Successful exploitation of this vulnerability could allow the attacker to perform remote code execution with root privileges on the targeted device.

AI Analysis

Command injection vulnerability in GX Earth ONT models allowing remote code execution with root privileges

Basic Information

ID CVE-2026-45431

Source CERT-In

Published Jun 4, 2026 at 12:04

Affected Product

Vendor GX INDIA

Product GX Earth 2022

Version version E2022 - 3.1.2A

Affected Versions GX INDIA GX Earth 2022 version E2022 - 3.1.2A
GX INDIA GX Earth 2022 version E2022 - 3.1.5AV
GX INDIA GX Earth 2022 version E2022 - 1.1ASL
GX INDIA GX Earth 1010 version E1010-1.1ASL

CWE Classification

CWE-78

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor GX INDIA

Product GX Earth 2022

Version E2022 - 3.1.2A, E2022 - 3.1.5AV, E2022 - 1.1ASL, E1010-1.1ASL

References

www.cert-in.org.in /s2cMainServlet

{
    "lastseen": "",
    "description": "This vulnerability exists in GX Earth ONT models due to improper handling of user-supplied input in multiple diagnostic functions in its web management interface. An authenticated remote attacker could exploit this vulnerability by injecting arbitrary and executing OS commands on the targeted device.\n\n\t\n\nSuccessful exploitation of this vulnerability could allow the attacker to perform remote code execution with root privileges on the targeted device.",
    "published": "2026-06-04T12:04:09.597Z",
    "modified": "2026-06-04T12:04:09.597Z",
    "type": "cve",
    "title": "Command Injection Vulnerability in GX Earth ONT Models",
    "source": "CERT-In",
    "references": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2026-0288",
    "id": "CVE-2026-45431",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78"
    ],
    "cvelist": null,
    "sourceData": "GX INDIA GX Earth 2022 version E2022 - 3.1.2A\nGX INDIA GX Earth 2022 version E2022 - 3.1.5AV\nGX INDIA GX Earth 2022 version E2022 - 1.1ASL\nGX INDIA GX Earth 1010 version E1010-1.1ASL",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "GX Earth 2022",
    "version": "version E2022 - 3.1.2A",
    "vendor": "GX INDIA",
    "ai_description": "Command injection vulnerability in GX Earth ONT models allowing remote code execution with root privileges",
    "ai_severity": "High",
    "ai_vendor": "GX INDIA",
    "ai_product": "GX Earth 2022",
    "ai_version": "E2022 - 3.1.2A, E2022 - 3.1.5AV, E2022 - 1.1ASL, E1010-1.1ASL",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply