CVE-2026-45431 HIGH

CVE-2026-45431: Command Injection Vulnerability in GX Earth ONT Models

Vendor Gx India

Product GX Earth 2022

Weakness CWE-78

Published June 4, 2026

Last update June 4, 2026

View on NVD All CVEs

CVSS base score

8.7/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

This vulnerability exists in GX Earth ONT models due to improper handling of user-supplied input in multiple diagnostic functions in its web management interface. An authenticated remote attacker could exploit this vulnerability by injecting arbitrary and executing OS commands on the targeted device. Successful exploitation of this vulnerability could allow the attacker to perform remote code execution with root privileges on the targeted device.

Key dates

02Disclosure timeline

June 4, 2026 CVE published

June 4, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2026-45431 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/78.html

Related vulnerabilities

Identifiers

CVE CVE-2026-45431

CWE CWE-78

CVSS 8.7 / HIGH

Affected versions

Vendor Gx India

Product GX Earth 2022

Affected version E2022 - 3.1.2A

Vendor Gx India

Product GX Earth 2022

Affected version E2022 - 3.1.5AV

Vendor Gx India

Product GX Earth 2022

Affected version E2022 - 1.1ASL

Vendor Gx India

Product GX Earth 1010

Affected version E1010-1.1ASL

CVE-2026-45431: Command Injection Vulnerability in GX Earth ONT Models

01Description

02Disclosure timeline

03References

04Related CVE