Cleartext Transmission of Credentials Vulnerability in GX Earth ONT Models

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Description

This vulnerability exists in GX Earth ONT models due to the transmission of user credentials in plaintext over HTTP in its web management interface. A remote attacker could exploit this vulnerability by intercepting network traffic to obtain sensitive authentication information, which could lead to unauthorized access to the targeted device.

AI Analysis

Cleartext transmission of credentials vulnerability in GX Earth ONT models due to plaintext HTTP transmission in the web management interface

Basic Information

ID CVE-2026-45432

Source CERT-In

Published Jun 4, 2026 at 12:07

Affected Product

Vendor GX INDIA

Product GX Earth 2022

Version version E2022 - 3.1.2A

Affected Versions GX INDIA GX Earth 2022 version E2022 - 3.1.2A
GX INDIA GX Earth 2022 version E2022 - 3.1.5AV
GX INDIA GX Earth 2022 version E2022 - 1.1ASL
GX INDIA GX Earth 1010 version E1010-1.1ASL

CWE Classification

CWE-319

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor GX INDIA

Product GX Earth 2022

Version E2022 - 3.1.2A, E2022 - 3.1.5AV, E2022 - 1.1ASL, E1010-1.1ASL

References

www.cert-in.org.in /s2cMainServlet

{
    "lastseen": "",
    "description": "This vulnerability exists in GX Earth ONT models due to the transmission of user credentials in plaintext over HTTP in its web management interface. A remote attacker could exploit this vulnerability by intercepting network traffic to obtain sensitive authentication information, which could lead to unauthorized access to the targeted device.",
    "published": "2026-06-04T12:07:31.670Z",
    "modified": "2026-06-04T12:07:31.670Z",
    "type": "cve",
    "title": "Cleartext Transmission of Credentials Vulnerability in GX Earth ONT Models",
    "source": "CERT-In",
    "references": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2026-0288",
    "id": "CVE-2026-45432",
    "bulletinFamily": "",
    "cwe": [
        "CWE-319"
    ],
    "cvelist": null,
    "sourceData": "GX INDIA GX Earth 2022 version E2022 - 3.1.2A\nGX INDIA GX Earth 2022 version E2022 - 3.1.5AV\nGX INDIA GX Earth 2022 version E2022 - 1.1ASL\nGX INDIA GX Earth 1010 version E1010-1.1ASL",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "GX Earth 2022",
    "version": "version E2022 - 3.1.2A",
    "vendor": "GX INDIA",
    "ai_description": "Cleartext transmission of credentials vulnerability in GX Earth ONT models due to plaintext HTTP transmission in the web management interface",
    "ai_severity": "High",
    "ai_vendor": "GX INDIA",
    "ai_product": "GX Earth 2022",
    "ai_version": "E2022 - 3.1.2A, E2022 - 3.1.5AV, E2022 - 1.1ASL, E1010-1.1ASL",
    "ai_score": 8.7
}

Cleartext Transmission of Credentials Vulnerability in GX Earth ONT Models_CVE-2026-45432