Severity by source
CVSS vector (NVD): CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
Description (CVE.org)
A flaw has been found in GL.iNet A1300, AX1800, AXT1800, MT2500, MT3000, MT6000, X3000 and XE3000 4.8.x. This affects an unknown function of the component glnassys. Executing a manipulation can lead to use of hard-coded cryptographic key. The attack may be launched remotely. The attack requires a high level of complexity. The exploitability is reported as difficult. Upgrading to version 4.9.0 mitigates this issue. Upgrading the affected component is advised.
Analysis (AI)
Hard-coded cryptographic key exposure in the glnassys (GL.iNet NAS system) component, across eight GL.iNet router models running firmware 4.8.x, lets a remote attacker who already holds low privileges (PR:L) reuse a static authentication token and potentially issue unauthorized commands to the NAS subsystem. The root cause is CWE-321 (Use of Hard-coded Cryptographic Key): the firmware embeds a fixed authentication secret that is identical in every image of the affected build and cannot be rotated by users or administrators. …
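The distinction the analysis draws, a fixed build-wide secret versus a per-device secret that can be rotated, as an added example in Python. This is illustrative code, not GL.iNet's or glnassys's implementation; the token value, key-file paths and request format are constructed for the demonstration.

```python
"""Added example, not GL.iNet or glnassys code: how a hard-coded shared
secret (CWE-321) differs from a per-device secret that can be rotated.
All names and values below are constructed for illustration."""
import hashlib
import hmac
import os
import secrets
import tempfile
from pathlib import Path

# ---------------------------------------------------------------------------
# Vulnerable pattern: the token is a compile-time constant. Every device
# running this build shares it, it cannot be rotated without a firmware
# update, and anyone who pulls it out of one image can authenticate to all.
# ---------------------------------------------------------------------------
HARDCODED_TOKEN = b"static-nas-token-0123456789abcdef"  # constructed value


def vulnerable_check(presented: bytes) -> bool:
    """Accepts any request carrying the build-wide constant."""
    return presented == HARDCODED_TOKEN


# ---------------------------------------------------------------------------
# Hardened pattern: a 256-bit secret generated on the device at first boot,
# stored with restrictive permissions, and replaceable at any time. Requests
# carry an HMAC over their content rather than the secret itself, and the
# tag is compared in constant time.
# ---------------------------------------------------------------------------
def load_or_create_secret(path: Path) -> bytes:
    if path.exists():
        return path.read_bytes()
    secret = secrets.token_bytes(32)
    path.write_bytes(secret)
    os.chmod(path, 0o600)
    return secret


def rotate_secret(path: Path) -> bytes:
    """Replaces the device secret; every tag made with the old one dies."""
    if path.exists():
        path.unlink()
    return load_or_create_secret(path)


def sign_request(secret: bytes, method: str, url_path: str, body: bytes) -> str:
    msg = method.encode() + b"\n" + url_path.encode() + b"\n" + body
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def hardened_check(secret: bytes, method: str, url_path: str, body: bytes, tag: str) -> bool:
    expected = sign_request(secret, method, url_path, body)
    return hmac.compare_digest(expected, tag)


def demo() -> dict:
    """Two devices built from the same firmware: the constant lets the
    attacker into both; per-device secrets do not transfer between them."""
    results = {}
    # Attacker recovered the constant once, e.g. from a downloaded image.
    recovered = HARDCODED_TOKEN
    results["constant_works_on_device_a"] = vulnerable_check(recovered)
    results["constant_works_on_device_b"] = vulnerable_check(recovered)

    with tempfile.TemporaryDirectory() as d:
        a = load_or_create_secret(Path(d) / "device_a.key")
        b = load_or_create_secret(Path(d) / "device_b.key")
        req = ("POST", "/nas/share", b'{"name":"public","rw":true}')  # constructed request
        tag_a = sign_request(a, *req)
        results["tag_from_a_accepted_by_a"] = hardened_check(a, *req, tag_a)
        results["tag_from_a_accepted_by_b"] = hardened_check(b, *req, tag_a)
        # Rotation on device A invalidates A's own earlier tag.
        a2 = rotate_secret(Path(d) / "device_a.key")
        results["old_tag_after_rotation"] = hardened_check(a2, *req, tag_a)
        results["secrets_differ"] = a != b and a != a2
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The first two results are the whole vulnerability class in miniature: a secret that is the same on every unit is a secret only until one unit is analysed. The remaining results show what rotation buys: a compromised device, or a leaked key file, affects that device alone and only until the secret is replaced.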
Vulnerability Assessment (AI)

| Aspect | Assessment |
|---|---|
| Exploitation | The glnassys (GL.iNet NAS system) component must be active on the target device; the feature is present on affected models but may not be in use if no NAS functionality is configured. … |
| Risk Assessment | The CVSS 4.0 score of 2.3 is low and reflects several limiting factors: AC:H (high attack complexity: exploitation is technically difficult and not trivially automatable), PR:L (low privileges required: the attacker must already hold some level of access, so this is not an unauthenticated attack), and impact limited to VC:L/VI:L/VA:L on the vulnerable system with no impact on subsequent systems (SC:N/SI:N/SA:N). … |
| Exploit Scenario | A low-privileged attacker with network access to an affected GL.iNet router running firmware 4.8.x could recover the hard-coded authentication token from the glnassys binary (by downloading the firmware image and reverse engineering it, which is the likely source of the AC:H rating), then craft authenticated API requests to the NAS management subsystem using that static token. Because the token is fixed in the firmware, one recovery suffices for every device running the affected build. With this access, the attacker could issue unauthorized commands to the NAS component, potentially reading stored files or manipulating NAS configuration. … |
| Remediation | Upgrade all affected GL.iNet router models to firmware version 4.9.0, which the vendor has confirmed mitigates this issue. … |
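The first step of the exploit scenario, recovering a static token from an unpacked firmware binary, can be turned around into a defensive check: scan the binaries of an extracted firmware file system for long high-entropy constants before shipping, or before trusting a third-party image. The following is an added example, not a GL.iNet or vuln.today tool; the sample blob it scans is constructed inline, and the thresholds are conventional starting points rather than tuned values.

```python
"""Added example, not GL.iNet code: first-pass triage of an extracted
firmware binary for hard-coded secrets (CWE-321). It pulls printable
runs the way `strings` does, keeps those in a hex or base64-like charset,
scores them by Shannon entropy, and notes whether a credential-like word
sits within a few bytes of each hit. The sample blob is constructed."""
import math
import re
from typing import List

CANDIDATE = re.compile(rb"[A-Za-z0-9+/=_-]{20,}")   # like `strings -n 20`, restricted charset
HEX_ONLY = re.compile(rb"[0-9a-fA-F]+")
HINT_WORDS = re.compile(rb"token|secret|passw|key|auth|cred", re.I)
CONTEXT_BYTES = 32          # how far around a hit to look for a hint word
HEX_THRESHOLD = 3.0         # the hex alphabet caps entropy at 4.0 bits/char
B64_THRESHOLD = 4.0         # paths and identifiers stay below this in practice


def shannon_entropy(s: bytes) -> float:
    """Bits per byte of the string's own byte-value distribution."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in (s.count(b) for b in set(s)))


def find_candidate_secrets(blob: bytes) -> List[dict]:
    """Flags long, high-entropy runs; 'hinted' means a credential-like word
    appears within CONTEXT_BYTES of the hit (format strings, variable names)."""
    hits = []
    for m in CANDIDATE.finditer(blob):
        s = m.group()
        is_hex = HEX_ONLY.fullmatch(s) is not None
        ent = shannon_entropy(s)
        if ent < (HEX_THRESHOLD if is_hex else B64_THRESHOLD):
            continue
        lo = max(0, m.start() - CONTEXT_BYTES)
        hi = min(len(blob), m.end() + CONTEXT_BYTES)
        hits.append({
            "offset": m.start(),
            "kind": "hex" if is_hex else "base64ish",
            "entropy": round(ent, 2),
            "hinted": HINT_WORDS.search(blob[lo:hi]) is not None,
            "value": s.decode("ascii"),
        })
    return hits


# Constructed stand-in for an extracted binary: an ELF-like header, a few
# ordinary strings, a credential-like name next to a 32-character static
# token, and an unlabelled 32-digit hex constant (e.g. a build id).
SAMPLE_BLOB = (
    b"\x7fELF\x02\x01\x01\x00" + b"\x00" * 8
    + b"/usr/lib/libnasservice.so.1\x00"
    + b"Authorization: Bearer %s\x00"
    + b"nas_auth_token\x00" + b"aB3dE7fG9hJ2kL4mN6pQ8rS1tU5vW0xY\x00"   # constructed token
    + b"\x00" * 40
    + b"build_id\x00" + b"3f9a1c7e0b2d4f6a8c1e3b5d7f9a0c2e\x00"         # constructed hex constant
    + b"Connection refused\x00"
)

if __name__ == "__main__":
    for hit in find_candidate_secrets(SAMPLE_BLOB):
        print(f"{hit['offset']:#08x} {hit['kind']:9} H={hit['entropy']} "
              f"hinted={hit['hinted']} {hit['value']}")
```

On a real image the scan runs over every file under the unpacked root, and the output is a worklist, not a verdict: the hinted hits go first, and each one is confirmed by finding the code that reads it and checking whether that value is compared against, or used to key, anything a network client can influence. Unlabelled hex constants are usually build ids or hashes, which is why the "hinted" flag matters more than the entropy figure.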
External POC / Exploit Code
Related identifiers:
- EUVD-2026-35040
- GHSA-2r8p-5hq4-h3r4