CVE-2026-45431
Description
An authenticated remote attacker can execute OS commands with root privileges on GX Earth ONT models via improper input handling in diagnostic functions.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An authenticated remote attacker can execute OS commands with root privileges on GX Earth ONT models via improper input handling in diagnostic functions.
Vulnerability
This vulnerability exists in GX Earth ONT models, specifically version E2022 - 3.1.2A, 3.1.5AV, E2022 1.1ASL and E1010 - version E1010-1.1ASL, due to improper handling of user-supplied input in multiple diagnostic functions within its web management interface [1].
Exploitation
An authenticated remote attacker can exploit this vulnerability by injecting arbitrary OS commands through the diagnostic functions in the web management interface. This requires network access to the device and valid user credentials.
Impact
Successful exploitation allows an attacker to perform remote code execution with root privileges on the targeted device, potentially leading to a full device compromise and information disclosure [1].
Mitigation
No specific patch or fixed version information is available in the provided references. Users are advised to consult the vendor for updated information regarding mitigation strategies or patches. The affected devices are GX Earth 2022 and GX Earth 1010 models [1].
AI Insight generated on Jun 4, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
1News mentions
0No linked articles in our index yet.