CVE-2026-11505
Gravedad CVSS v4.0:
BAJA
Tipo:
No Disponible / Otro tipo
Fecha de publicación:
08/06/2026
Última modificación:
08/06/2026
Descripción
*** Pendiente de traducción *** A flaw has been found in GL.iNet A1300, AX1800, AXT1800, MT2500, MT3000, MT6000, X3000 and XE3000 4.8.x. This affects an unknown function of the component glnassys. Executing a manipulation can lead to use of hard-coded cryptographic key<br />
. The attack may be launched remotely. The attack requires a high level of complexity. The exploitability is reported as difficult. Upgrading to version 4.9.0 mitigates this issue. Upgrading the affected component is advised.
Impacto
Puntuación base 4.0
2.30
Gravedad 4.0
BAJA
Puntuación base 3.x
5.00
Gravedad 3.x
MEDIA
Puntuación base 2.0
4.60
Gravedad 2.0
MEDIA
Referencias a soluciones, herramientas e información
- https://cloud-static-test.gl-inet.cn/security/openwrt-ipq60xx-glinet_ax1800-squashfs-sysupgrade.tar
- https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/The%20hard%20coded%20default%20authentication%20token%20in%20gl%20nas%20sys%20poses%20a%20risk%20to%20unauthorized%20command%20execution.md
- https://vuldb.com/cve/CVE-2026-11505
- https://vuldb.com/submit/835698
- https://vuldb.com/vuln/369125
- https://vuldb.com/vuln/369125/cti