CVE-2026-11505

Summary

A flaw has been found in GL.iNet A1300, AX1800, AXT1800, MT2500, MT3000, MT6000, X3000 and XE3000 4.8.x. This affects an unknown function of the component glnassys. Executing a manipulation can lead to use of hard-coded cryptographic key . The attack may be launched remotely. The attack requires a high level of complexity. The exploitability is reported as difficult. Upgrading to version 4.9.0 mitigates this issue. Upgrading the affected component is advised.

Affected Software

VendorProductVersion RangeStatus
GL.iNetA13004.8.*affected
GL.iNetA13004.9.0unaffected
GL.iNetAX18004.8.*affected
GL.iNetAX18004.9.0unaffected
GL.iNetAXT18004.8.*affected
GL.iNetAXT18004.9.0unaffected
GL.iNetMT25004.8.*affected
GL.iNetMT25004.9.0unaffected
GL.iNetMT30004.8.*affected
GL.iNetMT30004.9.0unaffected
GL.iNetMT60004.8.*affected
GL.iNetMT60004.9.0unaffected
GL.iNetX30004.8.*affected
GL.iNetX30004.9.0unaffected
GL.iNetXE30004.8.*affected
GL.iNetXE30004.9.0unaffected

Weaknesses

  • CWE-321: Use of Hard-coded Cryptographic Key
  • CWE-320: Key Management Error

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References