CVE-2026-11505

5.0 MEDIUM
Published: June 08, 2026 Modified: June 08, 2026
View on NVD

Description

A flaw has been found in GL.iNet A1300, AX1800, AXT1800, MT2500, MT3000, MT6000, X3000 and XE3000 4.8.x. This affects an unknown function of the component glnassys. Executing a manipulation can lead to use of hard-coded cryptographic key . The attack may be launched remotely. The attack requires a high level of complexity. The exploitability is reported as difficult. Upgrading to version 4.9.0 mitigates this issue. Upgrading the affected component is advised.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://cloud-static-test.gl-inet.cn/security/openwrt-ipq60xx-glinet_ax1800-squashfs-sysupgrade.tar
Source: cna@vuldb.com
https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/The%20hard%20coded%20default%20authentication%20token%20in%20gl%20nas%20sys%20poses%20a%20risk%20to%20unauthorized%20command%20execution.md
Source: cna@vuldb.com
https://vuldb.com/cve/CVE-2026-11505
Source: cna@vuldb.com
https://vuldb.com/submit/835698
Source: cna@vuldb.com
https://vuldb.com/vuln/369125
Source: cna@vuldb.com
https://vuldb.com/vuln/369125/cti
Source: cna@vuldb.com

6 reference(s) from NVD

Quick Stats

CVSS v3 Score
5.0 / 10.0
EPSS (Exploit Probability)
0.2%
9th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-320 CWE-321

Related CVEs

CVE-2026-48777 N/A
CVE-2026-47750 7.8
CVE-2026-47747 7.8
CVE-2026-46448 5.4
CVE-2026-22313 9.1