HIGH · CVE-2026-45432 · CNA: CERT-In

CVE-2026-45432: Cleartext Transmission of Credentials Vulnerability in GX Earth ONT Models

This vulnerability exists in GX Earth ONT models due to the transmission of user credentials in plaintext over HTTP in its web management interface. A remote attacker could exploit this vulnerability by intercepting network traffic to obtain sensitive authentication information, which could lead to unauthorized access to the targeted device.

Metrics

  • CVSS v4.0: 8.7
  • Severity: HIGH
  • Fixed in: none listed
  • Affected Products: 2


HarborGuard Analysis

Synopsis

Cleartext transmission of credentials is present in the web management interface of GX Earth ONT models (E2022 and E1010 product lines). The interface sends user login credentials over unencrypted HTTP, making them readable to any attacker positioned to intercept the network traffic; no authentication or victim interaction is required to capture the data. Successful interception gives the attacker valid credentials, enabling unauthorized login to the targeted device. No fix version has been published yet; HarborGuard tracks this advisory and will surface a patched-image rebuild the moment upstream releases one.

HarborGuard Coverage

Detection

Detection of CVE-2026-45432 is available across every HarborGuard environment. The CVE is ingested from upstream feeds within minutes of publication and matched against all customer images, including custom-built images that bundle GX Earth ONT firmware or management tooling.

Status: Available

Triage

HarborGuard scores this finding at CVSS 8.7 (HIGH) using the v4.0 vector and weights it against each environment's compliance policy to determine urgency and routing. Findings are dispatched to the team inbox configured by each customer organization, so the right engineers see it without manual sorting.

Status: Available

Patch

No upstream fix is currently available for CVE-2026-45432. HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment a fix version is published upstream.

Status: Pending upstream

Exploit Conditions

  • Network reachability: Required

    The attacker must reach the device's HTTP management interface over the network to intercept the plaintext credential exchange.

  • Authentication: Not required

    No account or prior authentication is needed; the attacker only needs to observe unencrypted traffic.

  • Victim interaction: Not required

    No user action is required beyond the target performing a normal login over the unencrypted interface.

  • Attack complexity: Detail

    Exploit conditions are straightforward and reliable; no race conditions or special environmental factors are required to capture the cleartext credentials.

Blast Radius

  • An attacker who intercepts traffic reads plaintext login credentials (username and password) as they are transmitted to the management interface.
  • With captured credentials, the attacker can authenticate to the targeted ONT device and take full administrative control of its configuration.
  • Device configuration changes can redirect, drop, or intercept all traffic passing through the ONT, affecting downstream network users.

How HarborGuard Handles This

Available on HarborGuard: this CVE is matched against customer images continuously, and findings are scored and routed according to each environment's compliance policy. Because no upstream fix exists today, HarborGuard monitors the CERT-In advisory on every ingest cycle and will trigger a patched-image rebuild automatically the moment a fix version is published.

In the interim, compensating controls worth considering include:

  • network-policy rules that restrict access to the HTTP management interface to trusted management VLANs or hosts;
  • egress filtering to prevent unintended exposure of the interface to broader network segments;
  • where the device firmware permits it, disabling the HTTP interface in favor of HTTPS or SSH.

For customers with auto-remediation enabled, the rebuild, regression-test run, and PR against affected workloads will be initiated without manual intervention once the patch is available.

Affected packages
  • GX INDIA / GX Earth 2022
    version E2022 - 3.1.2A · version E2022 - 3.1.5AV · version E2022 - 1.1ASL
  • GX INDIA / GX Earth 1010
    version E1010-1.1ASL
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N