CVE-2026-11505
MEDIUM5.0CVSS v3
4.6CVSS v2
—
EPSS (exploit probability)
CWE-320CWE
Description
A flaw has been found in GL.iNet A1300, AX1800, AXT1800, MT2500, MT3000, MT6000, X3000 and XE3000 4.8.x. This affects an unknown function of the component glnassys. Executing a manipulation can lead to use of hard-coded cryptographic key
. The attack may be launched remotely. The attack requires a high level of complexity. The exploitability is reported as difficult. Upgrading to version 4.9.0 mitigates this issue. Upgrading the affected component is advised.
CVSS v3 vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
Affected routers (2)
| Vendor | Model | Matched via | Affected versions | Fixed in | Patch Status |
|---|---|---|---|---|---|
| Cradlepoint | Cradlepoint E300 | — |
— | — | Unpatched |
| Cradlepoint | Cradlepoint E3000 | — |
— | — | Unpatched |