Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
This vulnerability exists in GX Earth ONT models due to the transmission of user credentials in plaintext over HTTP in its web management interface. A remote attacker could exploit this vulnerability by intercepting network traffic to obtain sensitive authentication information, which could lead to unauthorized access to the targeted device.
AnalysisAI
Credential disclosure in GX Earth ONT (Optical Network Terminal) devices allows remote attackers positioned on the network path to capture administrative authentication material by sniffing the unencrypted HTTP web management interface. The flaw scores CVSS 4.0 8.7 (High) with CWE-319 (Cleartext Transmission of Sensitive Information), and no public exploit identified at time of analysis, though interception techniques are well-understood and trivial to execute on shared media.
Technical ContextAI
GX Earth ONT devices are customer-premises optical network terminals that terminate GPON/EPON fiber links and expose a web-based management UI for configuration. The vulnerability is rooted in CWE-319 (Cleartext Transmission of Sensitive Information): the device serves its administrative interface over HTTP rather than HTTPS, so login credentials traverse the network without TLS encryption. Because ONTs typically share Layer-2 segments with internal LAN devices and may be reachable from the ISP-side management VLAN, any attacker with access to traffic on those paths can passively recover usernames and passwords from HTTP form submissions or Basic Auth headers.
RemediationAI
No vendor-released patch identified at time of analysis based on the provided data - administrators should monitor the CERT-In advisory at https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2026-0288 and the GX Earth vendor channel for firmware updates that enable HTTPS for the management UI. Compensating controls include restricting the management interface to a dedicated management VLAN or specific source IPs via ACLs (trade-off: complicates legitimate remote admin), disabling remote/WAN-side management entirely and requiring on-device or LAN-only administration (trade-off: loses convenience for ISP technicians), changing default credentials and rotating them after any suspected exposure, and segmenting the ONT off the user LAN where feasible so passive sniffers on user devices cannot observe management traffic. Where the device supports it, force HTTPS-only and disable HTTP listener; if no such toggle exists, treat the credentials as ephemeral and assume disclosure on any untrusted network.
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-34250
GHSA-4jr5-8v5x-7499