Anmol Bakshi

This vulnerability exists in GX Earth ONT models due to improper handling of user-supplied input in multiple diagnostic functions in its web management interface. An authenticated remote attacker could exploit this vulnerability by injecting arbitrary and executing OS commands on the targeted device. Successful exploitation of this vulnerability could allow the attacker to perform remote code execution with root privileges on the targeted device.

This vulnerability exists in GX Earth ONT models due to the transmission of user credentials in plaintext over HTTP in its web management interface. A remote attacker could exploit this vulnerability by intercepting network traffic to obtain sensitive authentication information, which could lead to unauthorized access to the targeted device.

**Name of the Vulnerable Software and Affected Versions** GX Earth 2022 ONT models **Description** An issue exists due to a hardcoded RSA private key within the device firmware. A remote attacker could extract this cryptographic private key to decrypt HTTPS traffic and perform Man-in-the-Middle (MITM) attacks, which involve an attacker secretly relaying and possibly altering the communications between two parties who believe they are directly communicating with each other. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.