CVE-2024-31800
Description
Authentication bypass via UART debugging port on GNCC GC2 Indoor Security Camera allows physical attacker to gain privileged shell.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Authentication bypass via UART debugging port on GNCC GC2 Indoor Security Camera allows physical attacker to gain privileged shell.
Vulnerability
The GNCC GC2 Indoor Security Camera 1080P (all firmware versions) exposes a UART debugging port that provides an interactive shell login prompt. The password prompt can be bypassed by modifying bootloader settings to boot directly into a root shell. Additionally, Wi-Fi credentials are transmitted in cleartext during boot over the same UART port [1].
Exploitation
An attacker with physical access to the camera connects to the UART port while the device is powered off. Upon powering on, continuously pressing the RETURN key enters the U-Boot bootloader. The attacker then changes the boot arguments to init=/bin/sh using a setenv command, bypassing the login prompt and booting directly into a root shell [1].
Impact
Successful exploitation grants a root shell on the device, allowing the attacker to read the /etc/shadow file, revealing the root password hash (identical across all devices), and capture Wi-Fi credentials transmitted in cleartext during boot [1].
Mitigation
As of the advisory publication date (2024), the vendor has not acknowledged the vulnerabilities, and no fix or workaround is available. Physical access to the device is required for exploitation; therefore, securing physical access to the camera is the only mitigation [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2News mentions
0No linked articles in our index yet.