CVE-2026-45433 in GX Earth 2022
Summary
by MITRE • 06/04/2026
This vulnerability exists in GX Earth 2022 ONT models due to the presence of a hardcoded RSA private key within the device firmware. A remote attacker could exploit this vulnerability by extracting the cryptographic private key from the firmware, which could lead to decryption of HTTPS traffic and Man-in-the-Middle (MITM) attacks on the targeted device.
Analysis
by VulDB Data Team • 06/04/2026
The vulnerability in GX Earth 2022 ONT models is a critical cryptographic flaw that compromises the security posture of network infrastructure devices. It stems from a hardcoded RSA private key included in the device firmware, a weakness that persists across device deployments and updates. Hard-coded credentials of this kind violate fundamental security principles: the device's trust model rests on a secret that anyone with the firmware can read. The vulnerability maps to CWE-312 (Cleartext Storage of Sensitive Information) and CWE-326 (Inadequate Encryption Strength) in the CWE classification system, as it involves both the storage of sensitive cryptographic material in cleartext form and the use of insufficient cryptographic protection mechanisms.
The technical exploitation of this vulnerability occurs through firmware extraction processes that allow remote attackers to access the device's embedded software components. Once the hardcoded RSA private key is successfully extracted, attackers gain the ability to perform cryptographic operations that should remain protected within the device's secure environment. This compromise enables decryption of HTTPS traffic flowing through the device, effectively breaking the encryption layer that protects sensitive communications. The vulnerability creates a pathway for man-in-the-middle attacks where adversaries can intercept, modify, and inject data into network communications without detection. The attack surface extends beyond simple traffic interception to include potential certificate forgery and authentication bypass capabilities that could compromise the entire network infrastructure.
The operational impact of this vulnerability extends far beyond individual device compromise, affecting the broader network security ecosystem that relies on the integrity of cryptographic protections. Network administrators face significant challenges in detecting and mitigating this threat since the compromised key can be used across multiple devices that share the same firmware version. The vulnerability undermines trust in the device's identity verification mechanisms, potentially allowing attackers to impersonate legitimate network components and gain unauthorized access to sensitive data flows. This weakness can lead to data breaches, service disruption, and compliance violations that may result in substantial financial and reputational damage to organizations relying on affected network infrastructure.
Mitigation strategies must address both immediate remediation and long-term architectural improvements to prevent similar vulnerabilities in future deployments. Organizations should implement firmware integrity checking mechanisms and regular security assessments to identify hardcoded credentials before they can be exploited. The recommended approach includes replacing the affected firmware with updated versions that eliminate hardcoded cryptographic keys and implement proper key management practices. Network segmentation and monitoring solutions should be deployed to detect anomalous traffic patterns that may indicate exploitation attempts. Additionally, implementing certificate pinning and other cryptographic best practices can help reduce the impact of such vulnerabilities. The remediation process should also include comprehensive security training for device administrators to recognize and prevent the inclusion of hardcoded credentials in future deployments, aligning with security frameworks such as NIST SP 800-53 and ISO/IEC 27001 requirements for secure system development and maintenance.
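As an added example (not part of this entry and not vendor tooling), the firmware assessment recommended above can begin with a scan of unpacked firmware images for PEM-armoured private keys, reporting a digest instead of the key and flagging keys that recur across images. The function names and sample blobs are constructed for illustration, and the sketch assumes the key is stored PEM-encoded; DER-encoded keys or compressed filesystems need unpacking or other signatures first.

```python
import hashlib
import re

# PEM labels for private keys: PKCS#1 (RSA), SEC1 (EC), DSA, PKCS#8, OpenSSH.
PEM_KEY = re.compile(
    rb"-----BEGIN ((?:RSA |EC |DSA |ENCRYPTED |OPENSSH )?PRIVATE KEY)-----"
    rb"(.*?)-----END \1-----",
    re.DOTALL,
)

# Constructed sample images: filler bytes around a placeholder PEM block.
# The base64 payload is placeholder text, not key material.
FAKE_PEM = (b"-----BEGIN RSA PRIVATE KEY-----\n"
            b"Q09OU1RSVUNURUQtUExBQ0VIT0xERVItTk9ULUEtS0VZ\n"
            b"-----END RSA PRIVATE KEY-----\n")
SAMPLE_V1 = b"\x00" * 64 + FAKE_PEM + b"\xff" * 32
SAMPLE_V2 = b"\x7fELF" + b"\x00" * 12 + FAKE_PEM
SAMPLE_CLEAN = b"usage: -----BEGIN RSA PRIVATE KEY----- expected\n"

def find_embedded_private_keys(image: bytes):
    """Return one finding per PEM private-key block in a firmware image.

    A finding holds the byte offset, the PEM label and a SHA-256 of the
    block, so a report can identify the key without reproducing it.
    """
    findings = []
    for m in PEM_KEY.finditer(image):
        # Drop legacy "Proc-Type:" / "DEK-Info:" header lines, join the rest.
        lines = m.group(2).splitlines()
        body = b"".join(l.strip() for l in lines if b":" not in l)
        # Ignore marker strings with no base64 payload (help text, templates).
        if not re.fullmatch(rb"[A-Za-z0-9+/=]+", body):
            continue
        findings.append({
            "offset": m.start(),
            "label": m.group(1).decode(),
            "sha256": hashlib.sha256(m.group(0)).hexdigest(),
        })
    return findings

def keys_shared_across_images(images: dict):
    """Map key digest -> sorted image names, for keys present in 2+ images."""
    seen = {}
    for name, blob in images.items():
        for finding in find_embedded_private_keys(blob):
            seen.setdefault(finding["sha256"], set()).add(name)
    return {d: sorted(n) for d, n in seen.items() if len(n) > 1}
```

A non-empty result from `keys_shared_across_images` means the same private key ships in more than one image, which is the condition that makes a single extraction affect every device on those builds.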