CVE-2026-45431: CWE-78 Improper neutralization of special elements used in an OS command ('OS command injection') in GX INDIA GX Earth 2022
This vulnerability exists in GX Earth ONT models due to improper handling of user-supplied input in multiple diagnostic functions in its web management interface. An authenticated remote attacker could exploit this vulnerability by injecting arbitrary and executing OS commands on the targeted device. Successful exploitation of this vulnerability could allow the attacker to perform remote code execution with root privileges on the targeted device.
AI Analysis
Technical Summary
This vulnerability (CVE-2026-45431) involves improper neutralization of special elements used in OS commands (CWE-78) within GX INDIA's GX Earth 2022 ONT models. Specifically, multiple diagnostic functions in the web management interface do not properly sanitize user-supplied input, allowing an authenticated remote attacker to inject and execute arbitrary OS commands. Successful exploitation results in remote code execution with root privileges, posing a significant risk to device integrity and network security. The affected versions are E2022 - 3.1.2A, 3.1.5AV, and 1.1ASL. The CVSS v4.0 vector indicates network attack vector, low attack complexity, no user interaction, and high impact on confidentiality, integrity, and availability. No patch or official remediation level has been published by the vendor as of the date of this report.
Potential Impact
Exploitation of this vulnerability allows an authenticated remote attacker to execute arbitrary OS commands with root privileges on the targeted GX Earth 2022 device. This can lead to full compromise of the device, including unauthorized control, data manipulation, and disruption of device operations. The high CVSS score (8.7) reflects the critical nature of the impact on confidentiality, integrity, and availability of the affected system.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict access to the web management interface to trusted administrators only and enforce strong authentication controls. Monitor for unusual activity on affected devices. Do not expose the management interface to untrusted networks. Follow GX INDIA's official channels for updates on patches or mitigations.
CVE-2026-45431: CWE-78 Improper neutralization of special elements used in an OS command ('OS command injection') in GX INDIA GX Earth 2022
Description
This vulnerability exists in GX Earth ONT models due to improper handling of user-supplied input in multiple diagnostic functions in its web management interface. An authenticated remote attacker could exploit this vulnerability by injecting arbitrary and executing OS commands on the targeted device. Successful exploitation of this vulnerability could allow the attacker to perform remote code execution with root privileges on the targeted device.
CVSS v4.0
Score 8.7high
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability (CVE-2026-45431) involves improper neutralization of special elements used in OS commands (CWE-78) within GX INDIA's GX Earth 2022 ONT models. Specifically, multiple diagnostic functions in the web management interface do not properly sanitize user-supplied input, allowing an authenticated remote attacker to inject and execute arbitrary OS commands. Successful exploitation results in remote code execution with root privileges, posing a significant risk to device integrity and network security. The affected versions are E2022 - 3.1.2A, 3.1.5AV, and 1.1ASL. The CVSS v4.0 vector indicates network attack vector, low attack complexity, no user interaction, and high impact on confidentiality, integrity, and availability. No patch or official remediation level has been published by the vendor as of the date of this report.
Potential Impact
Exploitation of this vulnerability allows an authenticated remote attacker to execute arbitrary OS commands with root privileges on the targeted GX Earth 2022 device. This can lead to full compromise of the device, including unauthorized control, data manipulation, and disruption of device operations. The high CVSS score (8.7) reflects the critical nature of the impact on confidentiality, integrity, and availability of the affected system.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict access to the web management interface to trusted administrators only and enforce strong authentication controls. Monitor for unusual activity on affected devices. Do not expose the management interface to untrusted networks. Follow GX INDIA's official channels for updates on patches or mitigations.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- CERT-In
- Date Reserved
- 2026-05-12T07:31:47.897Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a216d2ee29bf47b509f3c3b
Added to database: 6/4/2026, 12:18:54 PM
Last enriched: 6/4/2026, 12:33:38 PM
Last updated: 6/4/2026, 2:27:58 PM
Views: 6
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.