CVE-2026-36178
Description
GNCC GP5 firmware 7.1.76 fails to clear crypto material during factory reset, potentially exposing user data.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The factory reset functionality in GNCC GP5 firmware version 7.1.76 fails to properly clear sensitive cryptographic material stored in the JFFS2 configuration partition. This vulnerability exists on the T23 platform and may affect similar models using this architecture.
Exploitation
An attacker with physical access to the device can exploit this vulnerability. After gaining local root access through other means, such as U-Boot argument injection [1], they can then access the JFFS2 partition to recover sensitive cryptographic material that was not properly cleared during a factory reset.
Impact
Successful exploitation allows an attacker to recover sensitive cryptographic material, which could potentially lead to the recovery and exposure of sensitive user data. This could also facilitate persistent identity takeover and cloud infrastructure impersonation by leveraging leaked credentials or tokens [1].
Mitigation
This vulnerability is currently unpatched. The vendor was contacted but failed to respond or remediate the issues within the designated timeframe [1]. No workarounds are currently available.
AI Insight generated on Jun 4, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 2
Patches: 0
No patches discovered yet.
Vulnerability mechanics
Root cause
"The factory reset functionality fails to clear sensitive cryptographic material from the JFFS2 configuration partition."
Attack vector
An attacker with physical access to the device can execute a factory reset. This action fails to wipe the mtd4 configuration partition, leaving sensitive data such as the RSA private key and Wi-Fi credentials recoverable. This allows for persistent device impersonation and potential access to user data [1].
Affected code
The vulnerability lies within the factory reset functionality that interacts with the mtd4 configuration partition, specifically concerning the handling of cryptographic material like RSA private keys and Wi-Fi credentials [1].
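A post-reset check a device owner or tester could run over a raw dump of the configuration partition, shown as an added example that is not part of the advisory or the vendor's code: it walks JFFS2 node headers and treats any surviving directory-entry or inode node as residual data. It assumes a little-endian image and does not verify node CRCs; the sample images and the file name `example.key` are constructed.

```python
import struct

# JFFS2 on-flash constants (Linux include/uapi/linux/jffs2.h)
MAGIC, DIRENT, INODE, CLEANMARKER = 0x1985, 0xE001, 0xE002, 0x2003
ACCURATE = 0x2000  # cleared in place when a node is marked obsolete on NOR flash

def scan_jffs2(image, endian="<"):
    """Walk a raw partition dump and report JFFS2 nodes that still hold data."""
    names, inodes, off = [], 0, 0
    while off + 12 <= len(image):
        magic, ntype, totlen = struct.unpack_from(endian + "HHI", image, off)
        if magic != MAGIC or totlen < 12 or off + totlen > len(image):
            off += 4  # erased flash (0xFF) or junk: nodes are 4-byte aligned
            continue
        ntype |= ACCURATE  # obsolete nodes still carry their old contents
        if ntype == DIRENT and totlen >= 40:
            nsize = image[off + 28]  # name length; the name starts at +40
            names.append(image[off + 40:off + 40 + nsize].decode("utf-8", "replace"))
        elif ntype == INODE:
            inodes += 1  # file metadata/data node
        off += (totlen + 3) & ~3
    return {"dirents": names, "inodes": inodes, "clean": not names and inodes == 0}

def _node(ntype, body=b""):
    # Constructed sample node; hdr_crc is zeroed because the scanner skips CRCs.
    raw = struct.pack("<HHI", MAGIC, ntype, 12 + len(body)) + b"\0" * 4 + body
    return raw + b"\xff" * (-len(raw) % 4)

def _dirent(name):
    # pino, version, ino, mctime, nsize, type, unused[2], node_crc, name_crc
    return _node(DIRENT, struct.pack("<IIIIBB2xII", 1, 1, 2, 0, len(name), 8, 0, 0) + name)

# Constructed images: an erased block vs. blocks where file nodes survived a reset.
ERASED = _node(CLEANMARKER) + b"\xff" * 244
RESIDUAL = (_node(CLEANMARKER) + _dirent(b"example.key")
            + _node(INODE, b"\0" * 56 + b"constructed-data") + b"\xff" * 128)
OBSOLETE = _node(CLEANMARKER) + _node(INODE & ~ACCURATE, b"\0" * 56) + b"\xff" * 64

if __name__ == "__main__":
    for label, img in (("erased", ERASED), ("residual", RESIDUAL), ("obsolete", OBSOLETE)):
        print(label, scan_jffs2(img))
```

A partition that was actually erased contains only 0xFF bytes and cleanmarkers, so `clean` is true; nodes that were merely marked obsolete still count as residual because their payload remains on flash until the block is erased.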
What the fix does
The advisory does not specify a patch or provide remediation guidance. Therefore, the vulnerability remains unpatched.
Preconditions
- Input: physical access to the device.
Generated on Jun 4, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References: 3
News mentions: 0
No linked articles in our index yet.