CVE-2026-45433

Published: Giu 04, 2026 Last Modified: Giu 04, 2026

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 8,7

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Confidentiality: N/A

Integrity: N/A

Availability: N/A

Description

AI Translation Available

This vulnerability exists in GX Earth 2022 ONT models due to the presence of hardcoded RSA private key within the device firmware. A remote attacker could exploit this vulnerability by extracting the cryptographic private key from the firmware, which could lead to decryption of HTTPS traffic and Man-in-the-Middle (MITM) attacks on the targeted device.

321

Use of Hard-coded Cryptographic Key

Draft

Abstraction: Variant Structure: Simple

Common Consequences

Security Scopes Affected:

Access Control

Potential Impacts:

Bypass Protection Mechanism Gain Privileges Or Assume Identity Read Application Data

Applicable Platforms

Technologies: ICS/OT

Likelihood of Exploit: High

View CWE Details

https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES…

https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2026-…

CVE-2026-45433

Description

Use of Hard-coded Cryptographic Key

Common Consequences

Applicable Platforms

Iscriviti alla newsletter