← Back to CVE List
CVE-2026-11505NVD
Vulnerability Summary
A flaw has been found in GL.iNet A1300, AX1800, AXT1800, MT2500, MT3000, MT6000, X3000 and XE3000 4.8.x. This affects an unknown function of the component glnassys. Executing a manipulation can lead to use of hard-coded cryptographic key
. The attack may be launched remotely. The attack requires a high level of complexity. The exploitability is reported as difficult. Upgrading to version 4.9.0 mitigates this issue. Upgrading the affected component is advised.
. The attack may be launched remotely. The attack requires a high level of complexity. The exploitability is reported as difficult. Upgrading to version 4.9.0 mitigates this issue. Upgrading the affected component is advised.
CVSS v3.1 Base Metrics
Attack VectorNetwork
Attack ComplexityHigh
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityLow
IntegrityLow
AvailabilityLow
External References
- https://vuldb.com/vuln/369125
- https://vuldb.com/vuln/369125/cti
- https://vuldb.com/cve/CVE-2026-11505
- https://vuldb.com/submit/835698
- https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/The%20hard%20coded%20default%20authentication%20token%20in%20gl%20nas%20sys%20poses%20a%20risk%20to%20unauthorized%20command%20execution.md
- https://cloud-static-test.gl-inet.cn/security/openwrt-ipq60xx-glinet_ax1800-squashfs-sysupgrade.tar