CVE-2026-11505
MEDIUM SEVERITYCVSS Score & Metrics
Base Score
5.0 / 10
Vector String
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Description
A flaw has been found in GL.iNet A1300, AX1800, AXT1800, MT2500, MT3000, MT6000, X3000 and XE3000 4.8.x. This affects an unknown function of the component glnassys. Executing a manipulation can lead to use of hard-coded cryptographic key
. The attack may be launched remotely. The attack requires a high level of complexity. The exploitability is reported as difficult. Upgrading to version 4.9.0 mitigates this issue. Upgrading the affected component is advised.
. The attack may be launched remotely. The attack requires a high level of complexity. The exploitability is reported as difficult. Upgrading to version 4.9.0 mitigates this issue. Upgrading the affected component is advised.
Vulnerability Details
Published Date
Last Modified
CWE ID
CWE-320
Source
NVD
Vendor
GL.iNet
Product
A1300, AX1800, AXT1800, MT2500, MT3000, MT6000, X3000, XE3000
External References
- https://cloud-static-test.gl-inet.cn/security/openwrt-ipq60xx-glinet_ax1800-squashfs-sysupgrade.tar
- https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/The%20hard%20coded%20default%20authentication%20token%20in%20gl%20nas%20sys%20poses%20a%20risk%20to%20unauthorized%20command%20execution.md
- https://vuldb.com/cve/CVE-2026-11505
- https://vuldb.com/submit/835698
- https://vuldb.com/vuln/369125
- https://vuldb.com/vuln/369125/cti
Discussion (0)
Add Comment
No comments yet. Be the first!