CVE-2026-45433
Description
GX Earth 2022 ONT models contain a hardcoded RSA private key, allowing attackers to decrypt HTTPS traffic and perform MITM attacks.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
GX Earth 2022 ONT models contain a hardcoded RSA private key, allowing attackers to decrypt HTTPS traffic and perform MITM attacks.
Vulnerability
This vulnerability exists in GX Earth 2022 ONT models, specifically versions E2022 - 3.1.2A, 3.1.5A, and E2022 1.1ASL, due to a hardcoded RSA private key embedded within the device firmware [1].
Exploitation
A remote attacker can exploit this vulnerability by extracting the hardcoded cryptographic private key from the device firmware. This extraction does not require any specific authentication or user interaction, only access to the firmware itself [1].
Impact
Successful exploitation allows an attacker to decrypt HTTPS traffic and conduct Man-in-the-Middle (MITM) attacks against the targeted device. This can lead to unauthorized access and compromise of sensitive information transmitted over the network [1].
Mitigation
No specific patch or fixed version information is available in the provided references. Users are advised to consult the vendor for potential mitigation strategies or updated firmware. The affected devices are GX Earth 2022 models E2022 - 3.1.2A, 3.1.5A, and E2022 1.1ASL [1].
AI Insight generated on Jun 4, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
1News mentions
0No linked articles in our index yet.