CVE-2026-11505: Use of Hard-coded Cryptographic Key in GL.iNet A1300
A flaw has been found in GL.iNet A1300, AX1800, AXT1800, MT2500, MT3000, MT6000, X3000 and XE3000 4.8.x. This affects an unknown function of the component glnassys. Executing a manipulation can lead to use of hard-coded cryptographic key . The attack may be launched remotely. The attack requires a high level of complexity. The exploitability is reported as difficult. Upgrading to version 4.9.0 mitigates this issue. Upgrading the affected component is advised.
AI Analysis
Technical Summary
This vulnerability concerns a hard-coded cryptographic key in an unspecified function of the glnassys component in GL.iNet routers (models A1300, AX1800, AXT1800, MT2500, MT3000, MT6000, X3000, XE3000) running firmware 4.8.x. The presence of a hard-coded key could potentially weaken cryptographic protections, but exploitation requires complex remote manipulation and is considered difficult. The vendor advises upgrading to version 4.9.0 to mitigate the issue.
Potential Impact
The use of a hard-coded cryptographic key can undermine the security of cryptographic operations, potentially allowing attackers to bypass certain protections. However, the low CVSS score (2.3) and the high complexity required for exploitation indicate limited practical impact. No known exploits in the wild have been reported.
Mitigation Recommendations
Upgrading the affected devices to firmware version 4.9.0 is advised to mitigate this vulnerability. Since the vendor has released an upgrade that addresses this issue, applying this official fix is the recommended remediation. No additional mitigations are specified.
CVE-2026-11505: Use of Hard-coded Cryptographic Key in GL.iNet A1300
Description
A flaw has been found in GL.iNet A1300, AX1800, AXT1800, MT2500, MT3000, MT6000, X3000 and XE3000 4.8.x. This affects an unknown function of the component glnassys. Executing a manipulation can lead to use of hard-coded cryptographic key . The attack may be launched remotely. The attack requires a high level of complexity. The exploitability is reported as difficult. Upgrading to version 4.9.0 mitigates this issue. Upgrading the affected component is advised.
CVSS v4.0
Score 2.3low
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability concerns a hard-coded cryptographic key in an unspecified function of the glnassys component in GL.iNet routers (models A1300, AX1800, AXT1800, MT2500, MT3000, MT6000, X3000, XE3000) running firmware 4.8.x. The presence of a hard-coded key could potentially weaken cryptographic protections, but exploitation requires complex remote manipulation and is considered difficult. The vendor advises upgrading to version 4.9.0 to mitigate the issue.
Potential Impact
The use of a hard-coded cryptographic key can undermine the security of cryptographic operations, potentially allowing attackers to bypass certain protections. However, the low CVSS score (2.3) and the high complexity required for exploitation indicate limited practical impact. No known exploits in the wild have been reported.
Mitigation Recommendations
Upgrading the affected devices to firmware version 4.9.0 is advised to mitigate this vulnerability. Since the vendor has released an upgrade that addresses this issue, applying this official fix is the recommended remediation. No additional mitigations are specified.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulDB
- Date Reserved
- 2026-06-07T14:06:05.114Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a26a89be29bf47b50de23e3
Added to database: 6/8/2026, 11:33:47 AM
Last enriched: 6/8/2026, 11:49:21 AM
Last updated: 6/9/2026, 2:20:40 AM
Views: 8
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.