CVE-2026-45433
published 2026-06-04CVE-2026-45433: This vulnerability exists in GX Earth 2022 ONT models due to the presence of hardcoded RSA private key within the device firmware. A remote attacker could…
PriorityP351high8.7CVSS 4.0
AVNACLATNPRNUINVCHVINVANSCNSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
EPSS
0.34%
26.3th percentile
This vulnerability exists in GX Earth 2022 ONT models due to the presence of hardcoded RSA private key within the device firmware. A remote attacker could exploit this vulnerability by extracting the cryptographic private key from the firmware, which could lead to decryption of HTTPS traffic and Man-in-the-Middle (MITM) attacks on the targeted device.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gx_india | gx_earth_1010 | — | — |
| gx_india | gx_earth_2022 | — | — |
| gx_india | gx_earth_2022 | — | — |
| gx_india | gx_earth_2022 | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
This vulnerability exists in GX Earth 2022 ONT models due to the presence of hardcoded RSA private key within the device firmware.
ghsa_unreviewed·2026-06-04
CVE-2026-45433 [HIGH] CWE-321 This vulnerability exists in GX Earth 2022 ONT models due to the presence of hardcoded RSA private key within the device firmware.
This vulnerability exists in GX Earth 2022 ONT models due to the presence of hardcoded RSA private key within the device firmware. A remote attacker could exploit this vulnerability by extracting the cryptographic private key from the firmware, which could lead to decryption of HTTPS traffic and Man-in-the-Middle (MITM) attacks on the targeted device.
VulDB
GX INDIA GX Earth 2022/GX Earth 1010 RSA Private Key hard-coded key (CIVN-2026-0288)
vuldb·2026-06-04·CVSS 8.7
CVE-2026-45433 [HIGH] GX INDIA GX Earth 2022/GX Earth 1010 RSA Private Key hard-coded key (CIVN-2026-0288)
A vulnerability was found in GX INDIA GX Earth 2022 and GX Earth 1010 and classified as problematic. The affected element is an unknown function of the component RSA Private Key Handler. Such manipulation leads to use of hard-coded cryptographic key
.
This vulnerability is referenced as CVE-2026-45433. It is possible to launch the attack remotely. No exploit is available.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-06-04
Published