PatchSiren cyber security CVE debrief
CVE-2026-45433 GX INDIA CVE debrief
A vulnerability exists in GX Earth 2022 ONT models due to the presence of a hardcoded RSA private key within the device firmware. A remote attacker could exploit this vulnerability by extracting the cryptographic private key from the firmware, which could lead to decryption of HTTPS traffic and Man-in-the-Middle (MITM) attacks on the targeted device.
- Vendor
- GX INDIA
- Product
- GX Earth 2022
- CVSS
- HIGH 8.7
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-04
- Original CVE updated
- 2026-06-04
- Advisory published
- 2026-06-04
- Advisory updated
- 2026-06-04
Who should care
Users of GX Earth 2022 ONT models should be aware of this vulnerability and take necessary precautions to mitigate the risk.
Technical summary
The vulnerability has a CVSS score of 8.7 and is classified as HIGH severity. The CVSS vector is CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X.
Defensive priority
HIGH
Recommended defensive actions
- Update the device firmware to a version that does not contain the hardcoded RSA private key.
- Use secure communication protocols to protect against Man-in-the-Middle (MITM) attacks.
Evidence notes
The vulnerability was reported by [email protected] and is tracked under CWE-321.
Official resources
-
CVE-2026-45433 CVE record
CVE.org
-
CVE-2026-45433 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
CVE-2026-45433 was published on 2026-06-04T14:16:41.810Z and modified on 2026-06-04T15:26:10.707Z.