CVE-2026-36175
Description
A U-Boot vulnerability in GNCC GP5 v7.1.76 allows physical attackers to bypass authentication and gain root access by injecting crafted boot arguments.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A U-Boot vulnerability in GNCC GP5 v7.1.76 allows physical attackers to bypass authentication and gain root access by injecting crafted boot arguments.
Vulnerability
An issue exists in the U-Boot component of GNCC GP5 firmware version 7.1.76. This vulnerability allows physically-proximate attackers to bypass authentication mechanisms and obtain root access. The vulnerability is triggered by interrupting the boot sequence and injecting a crafted string into the kernel boot arguments [1].
Exploitation
An attacker with physical access to the device can exploit this vulnerability. By interrupting the boot sequence, the attacker can inject a crafted string into the kernel boot arguments. This allows for the bypass of authentication and subsequent gain of root access [1].
Impact
Successful exploitation of this vulnerability grants an attacker root access to the device. This level of access allows for complete control over the system, potentially leading to persistent identity takeover and the ability to impersonate cloud infrastructure [1].
Mitigation
This vulnerability is currently unpatched. The vendor, GNCC, was contacted but failed to respond or remediate the issue within the coordinated vulnerability disclosure timeframe. No workarounds or fixed versions have been disclosed in the available references [1].
AI Insight generated on Jun 4, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2Patches
0No patches discovered yet.
Vulnerability mechanics
Root cause
"The U-Boot boot sequence can be interrupted and its arguments modified via an accessible UART interface, allowing for unauthenticated root access."
Attack vector
An attacker with physical access to the device can connect to the exposed UART headers on the PCB [ref_id=1]. By interrupting the U-Boot sequence, the attacker can modify the boot arguments to append `init=/bin/sh`. This bypasses standard OS initialization, granting the attacker an unauthenticated root shell [ref_id=1].
Affected code
The vulnerability lies within the U-Boot component of the device's boot process. Specifically, the ability to interrupt the boot sequence and modify boot arguments via the UART interface is exploited [ref_id=1].
What the fix does
The advisory does not specify any patches or remediation steps for this vulnerability. The vendor failed to respond or remediate the issues within the designated timeframe [ref_id=1]. Therefore, no fix is currently available.
Preconditions
- inputPhysical access to the device is required to connect to the UART headers.
- configThe device must have exposed and accessible UART headers on the PCB.
Generated on Jun 4, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
3News mentions
0No linked articles in our index yet.