VYPR
Unrated severity · NVD Advisory · Published Jun 4, 2026 · Updated Jun 4, 2026

CVE-2026-36174

Description

GNCC GP5 v7.1.76 stores sensitive wireless network info in plaintext to the serial console, allowing physical attackers to steal credentials.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

GNCC GP5 indoor cameras running firmware version 7.1.76 write sensitive wireless network information, including network credentials and private keys, in plaintext to the serial console during routine operations. This vulnerability is present on devices utilizing the T23 architecture [1].

Exploitation

An attacker with physical proximity to the device can exploit this vulnerability by monitoring the serial UART interface. By accessing the console output, the attacker can obtain sensitive information such as WiFi, MQTT, and RSA credentials that are logged in plaintext [1].

Impact

Successful exploitation allows a physically proximate attacker to obtain sensitive information, including network credentials and private keys. This could lead to unauthorized access to the wireless network and the MQTT broker, and potentially to impersonation of the device on cloud infrastructure via leaked tokens [1].

Mitigation

This vulnerability is currently unpatched. The vendor has not responded to vulnerability disclosure efforts. No workarounds are publicly available. The affected firmware version is 7.1.76 on the GNCC GP5 (T23 Platform) [1].

AI Insight generated on Jun 4, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

Vulnerability mechanics

Root cause

"Sensitive wireless network information is stored and transmitted in plaintext to the serial console."

Attack vector

An attacker with physical access to the device can connect to the serial UART interface. During the device's boot and provisioning sequence, sensitive information, including the full RSA private key, the local Wi-Fi SSID and password, and MQTT request tokens, is written in plaintext to the serial console. This allows the attacker to obtain network credentials and impersonate the device on cloud infrastructure [1].

Affected code

The vulnerability is related to the device's routine operations and provisioning sequence, where sensitive information is written to the serial console [1].

What the fix does

The advisory does not specify a patch or provide remediation guidance. Therefore, no fix is currently available for this vulnerability.
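For firmware teams and reviewers checking a build for this class of leak, the following added example (not from the advisory or the vendor) scans a captured console log for plaintext Wi-Fi, MQTT and private-key material and reports only line numbers and categories, never the values. The log line formats, key names and sample values are constructed assumptions, not actual GP5 output.

```python
import re

# Constructed sample of a boot/provisioning console capture. Line formats,
# key names and values are invented for illustration, not GP5 firmware output.
SAMPLE_LOG = """\
[    0.512] boot: starting provisioning
[    1.204] wifi: ssid=ExampleNet password=example-passphrase
[    1.377] mqtt: request token=EXAMPLETOKEN0123456789
[    1.590] rsa: loading device key
-----BEGIN RSA PRIVATE KEY-----
CONSTRUCTEDPLACEHOLDERNOTAREALKEY
-----END RSA PRIVATE KEY-----
[    2.001] boot: provisioning done
"""

# key=value style secrets; the key names are assumptions about log wording.
KV_RULES = {
    "wifi_ssid": re.compile(r"\bssid\s*[=:]\s*(\S+)", re.I),
    "wifi_password": re.compile(r"\b(?:password|passwd|psk)\s*[=:]\s*(\S+)", re.I),
    "mqtt_token": re.compile(r"\btoken\s*[=:]\s*(\S+)", re.I),
}
PEM_BEGIN = re.compile(r"-----BEGIN (?:RSA |EC )?PRIVATE KEY-----")
PEM_END = re.compile(r"-----END (?:RSA |EC )?PRIVATE KEY-----")


def scan_console_log(text):
    """Return (line_no, category) findings; secret values are never echoed."""
    findings = []
    in_pem = False
    for line_no, line in enumerate(text.splitlines(), start=1):
        if in_pem:
            # Body of a key block: already reported at its BEGIN line.
            if PEM_END.search(line):
                in_pem = False
            continue
        if PEM_BEGIN.search(line):
            findings.append((line_no, "private_key"))
            in_pem = not PEM_END.search(line)
            continue
        for category, rule in KV_RULES.items():
            if rule.search(line):
                findings.append((line_no, category))
    return findings


if __name__ == "__main__":
    for line_no, category in scan_console_log(SAMPLE_LOG):
        print(f"line {line_no}: {category} written in plaintext")
```

An empty result from `scan_console_log` on a full boot-and-provisioning capture is the pass condition for a release check of this kind.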

Preconditions

  • Physical access to the device is required to connect to the serial UART interface.

Generated on Jun 4, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

3
