CVE-2026-11505
GL.iNet XE3000 glnassys hard-coded key
CVSS Score
5.0
EPSS Score
0.0%
EPSS Percentile
13th
A flaw has been found in GL.iNet A1300, AX1800, AXT1800, MT2500, MT3000, MT6000, X3000 and XE3000 4.8.x. This affects an unknown function of the component glnassys. Executing a manipulation can lead to use of hard-coded cryptographic key . The attack may be launched remotely. The attack requires a high level of complexity. The exploitability is reported as difficult. Upgrading to version 4.9.0 mitigates this issue. Upgrading the affected component is advised.
| CWE | CWE-321 CWE-320 |
| Vendor | gl.inet |
| Product | a1300 |
| Published | Jun 8, 2026 |
| Last Updated | Jun 8, 2026 |
Stay Ahead of the Next One
Get instant alerts for gl.inet a1300
Be the first to know when new medium vulnerabilities affecting gl.inet a1300 are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
GL.iNet / A1300
4.8.*
GL.iNet / AX1800
4.8.*
GL.iNet / AXT1800
4.8.*
GL.iNet / MT2500
4.8.*
GL.iNet / MT3000
4.8.*
GL.iNet / MT6000
4.8.*
GL.iNet / X3000
4.8.*
GL.iNet / XE3000
4.8.*
References
vuldb.com: https://vuldb.com/vuln/369125 vuldb.com: https://vuldb.com/vuln/369125/cti vuldb.com: https://vuldb.com/cve/CVE-2026-11505 vuldb.com: https://vuldb.com/submit/835698 github.com: https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/The%20hard%20coded%20default%20authentication%20token%20in%20gl%20nas%20sys%20poses%20a%20risk%20to%20unauthorized%20command%20execution.md cloud-static-test.gl-inet.cn: https://cloud-static-test.gl-inet.cn/security/openwrt-ipq60xx-glinet_ax1800-squashfs-sysupgrade.tar
Credits
๐ GLiNet (VulDB User)