CVE-2026-11505
2.3
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X
Summary
A flaw has been found in GL.iNet A1300, AX1800, AXT1800, MT2500, MT3000, MT6000, X3000 and XE3000 4.8.x. This affects an unknown function of the component glnassys. Executing a manipulation can lead to use of hard-coded cryptographic key . The attack may be launched remotely. The attack requires a high level of complexity. The exploitability is reported as difficult. Upgrading to version 4.9.0 mitigates this issue. Upgrading the affected component is advised.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| GL.iNet | A1300 | 4.8.* | affected |
| GL.iNet | A1300 | 4.9.0 | unaffected |
| GL.iNet | AX1800 | 4.8.* | affected |
| GL.iNet | AX1800 | 4.9.0 | unaffected |
| GL.iNet | AXT1800 | 4.8.* | affected |
| GL.iNet | AXT1800 | 4.9.0 | unaffected |
| GL.iNet | MT2500 | 4.8.* | affected |
| GL.iNet | MT2500 | 4.9.0 | unaffected |
| GL.iNet | MT3000 | 4.8.* | affected |
| GL.iNet | MT3000 | 4.9.0 | unaffected |
| GL.iNet | MT6000 | 4.8.* | affected |
| GL.iNet | MT6000 | 4.9.0 | unaffected |
| GL.iNet | X3000 | 4.8.* | affected |
| GL.iNet | X3000 | 4.9.0 | unaffected |
| GL.iNet | XE3000 | 4.8.* | affected |
| GL.iNet | XE3000 | 4.9.0 | unaffected |
Weaknesses
- CWE-321: Use of Hard-coded Cryptographic Key
- CWE-320: Key Management Error
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://vuldb.com/vuln/369125
- https://vuldb.com/vuln/369125/cti
- https://vuldb.com/cve/CVE-2026-11505
- https://vuldb.com/submit/835698
- https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/The%20hard%20coded%20default%20authentication%20token%20in%20gl%20nas%20sys%20poses%20a%20risk%20to%20unauthorized%20command%20execution.md
- https://cloud-static-test.gl-inet.cn/security/openwrt-ipq60xx-glinet_ax1800-squashfs-sysupgrade.tar
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.