CVE-2026-36176
Description
GNCC GP5 firmware 7.1.76 leaks Backblaze B2 upload tokens to the serial console, allowing physical attackers to impersonate the device.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
GNCC GP5 firmware 7.1.76 leaks Backblaze B2 upload tokens to the serial console, allowing physical attackers to impersonate the device.
Vulnerability
GNCC GP5 devices running firmware version 7.1.76 store pre-signed Backblaze B2 upload URLs, used for PUT requests, in plaintext to the serial console. This vulnerability is present on the T23 platform and potentially similar models [1].
Exploitation
An attacker with physical proximity to the device can monitor the serial UART interface to extract active Backblaze B2 upload tokens. These tokens can then be used to perform unauthorized operations by impersonating the device's cloud infrastructure access [1].
Impact
Successful exploitation allows an attacker to perform unauthorized operations via Backblaze B2, potentially leading to data exfiltration or manipulation, and cloud infrastructure impersonation. The scope of compromise is limited to the device's cloud credentials [1].
Mitigation
This vulnerability is currently unpatched. The vendor has failed to respond to vulnerability disclosure. No workarounds are publicly available. The affected firmware version is 7.1.76 [1].
AI Insight generated on Jun 4, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2Patches
0No patches discovered yet.
Vulnerability mechanics
Root cause
"The device logs pre-signed Backblaze B2 upload URLs to the serial console in plaintext."
Attack vector
An attacker with physical proximity to the GNCC GP5 device can connect to the serial UART interface. During the device's boot and synchronization sequence, pre-signed Backblaze B2 upload URLs are outputted in plaintext to this console. The attacker can then extract these active tokens to perform unauthorized operations on cloud storage [ref_id=1].
Affected code
The vulnerability stems from the device's logging of sensitive information during its boot and synchronization sequence. Specifically, pre-signed Backblaze B2 upload URLs are exposed via the serial console [ref_id=1].
What the fix does
The advisory does not specify a patch or remediation steps. It indicates that the vendor failed to respond or remediate the issues within the designated timeframe [ref_id=1]. Therefore, no fix is currently available.
Preconditions
- inputPhysical access to the device is required to connect to the serial UART interface.
Generated on Jun 4, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
3News mentions
0No linked articles in our index yet.