Back to overview

CVE-2026-11505

MEDIUM
5.0
CVSS 3.1
Description
A flaw has been found in GL.iNet A1300, AX1800, AXT1800, MT2500, MT3000, MT6000, X3000 and XE3000 4.8.x. This affects an unknown function of the component glnassys. Executing a manipulation can lead to use of hard-coded cryptographic key . The attack may be launched remotely. The attack requires a high level of complexity. The exploitability is reported as difficult. Upgrading to version 4.9.0 mitigates this issue. Upgrading the affected component is advised.

Metadata

CVE ID
CVE-2026-11505
State
PUBLISHED
Assigner
VulDB
Reserved
2026-06-07 14:06 UTC
Published
2026-06-08 10:15 UTC
Last updated
2026-06-08 13:25 UTC
Primary CWE
CWE-321
Use of Hard-coded Cryptographic Key
Vendor / Product
GL.iNet / A1300
Sources
cve.org  ·  NVD

Severity & Metrics

5.0 MEDIUM CVSS 3.1
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C
SSVC — CISA Coordinator
Exploitation
none
Automatable
no
Tech. Impact
partial
Affected products (8)
VendorProductPlatformVersions
GL.iNet A1300 4.8.*, 4.9.0
GL.iNet AX1800 4.8.*, 4.9.0
GL.iNet AXT1800 4.8.*, 4.9.0
GL.iNet MT2500 4.8.*, 4.9.0
GL.iNet MT3000 4.8.*, 4.9.0
GL.iNet MT6000 4.8.*, 4.9.0
GL.iNet X3000 4.8.*, 4.9.0
GL.iNet XE3000 4.8.*, 4.9.0
Weakness (CWE)
CWESourceDescription
CWE-320 cna Key Management Error
CWE-321 cna Use of Hard-coded Cryptographic Key
CVSS scores (4)
ScoreSeverityVersionSourceVector
5.0 MEDIUM 3.1 cna CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C
5.0 MEDIUM 3.0 cna CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C
4.6 N/D 2.0 cna AV:N/AC:H/Au:S/C:P/I:P/A:P/E:ND/RL:OF/RC:C
2.3 LOW 4.0 cna CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X
References (6)
Back to overview