HIGH · CVE-2026-45431 · CNA: CERT-In

CVE-2026-45431: Command Injection Vulnerability in GX Earth ONT Models

This vulnerability exists in GX Earth ONT models due to improper handling of user-supplied input in multiple diagnostic functions in its web management interface. An authenticated remote attacker could exploit this vulnerability by injecting and executing arbitrary OS commands on the targeted device. Successful exploitation of this vulnerability could allow the attacker to perform remote code execution with root privileges on the targeted device.

Metrics

  • CVSS v4.0: 8.7
  • Severity: HIGH
  • Fixed in: no fix version published
  • Affected Products: 2

HarborGuard Analysis

Synopsis

A command injection vulnerability affects the web management interface of GX Earth ONT models (GX Earth 2022 and GX Earth 1010). The flaw is reachable over the network by any authenticated user, meaning a low-privilege account is sufficient to trigger it; no special conditions or victim interaction are required. Successful exploitation gives the attacker the ability to run arbitrary OS commands on the device with root privileges, resulting in full remote code execution. No fix version has been published; HarborGuard tracks this advisory and will make a patched rebuild available the moment upstream releases one.

HarborGuard Coverage

Detection

Detection for CVE-2026-45431 is available across every HarborGuard environment; the CVE is ingested from upstream advisory feeds within minutes of publication and matched against all customer images in connected registries and CI/CD pipelines, including custom-built images that bundle the affected GX Earth firmware or management components.

Status: Available

Triage

HarborGuard is capable of scoring this finding at CVSS 8.7 (High) and weighting it against each environment's compliance policy to determine urgency. Routed alerts can be directed to the appropriate team inbox within each customer organization based on configured ownership rules.

Status: Available

Patch

Because no upstream fix version has been published, HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment a fix is released. For customers with auto-remediation enabled, the rebuild, regression run, and PR against affected workloads will be triggered without manual intervention once a patch becomes available.

Status: Pending upstream

Exploit Conditions

  • Network reachability: Required

    The attacker must reach the device's web management interface over the network; the CVSS vector specifies AV:N, meaning the vulnerable surface is exposed remotely.

  • Authentication: Required

    A valid account on the web management interface is needed, but any low-privilege account is sufficient; the CVSS vector specifies PR:L.

  • Victim interaction: Not required

    No action from another user is needed; the attacker can trigger the vulnerability entirely on their own, as the CVSS vector specifies UI:N.

  • Attack complexity: Detail

    Attack complexity is Low (AC:L), meaning the exploit is reliable and requires no special timing, race conditions, or environmental preconditions.

Blast Radius

  • The attacker executes arbitrary OS commands on the targeted ONT device with root privileges, gaining full control of the host operating system.
  • All data accessible on the device, including configuration files, stored credentials, and network traffic passing through the ONT, can be read.
  • The attacker can modify device configuration, alter routing behavior, or install persistent backdoors on the device.
  • The attacker can render the device inoperable, disrupting network connectivity for any downstream users or services relying on it.

How HarborGuard Handles This

Available on HarborGuard: because no upstream patch exists for CVE-2026-45431 at this time, HarborGuard monitors the advisory on every ingest cycle and will surface a patched-image rebuild the moment GX INDIA publishes a fix. In the interim, customers are advised to use HarborGuard network-policy controls to restrict access to the web management interface to trusted management subnets only, apply egress filtering on ONT management VLANs, and flag any images embedding the affected firmware versions for manual review. For customers with auto-remediation enabled, the rebuild, regression test run, and PR against affected workloads will be initiated automatically once a fix version becomes available, with no manual triage required.

Affected packages
  • GX INDIA / GX Earth 2022
    version E2022 - 3.1.2A · version E2022 - 3.1.5AV · version E2022 - 1.1ASL
  • GX INDIA / GX Earth 1010
    version E1010-1.1ASL
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N