Iot Vulnerability Research Public
by Badchemical
Source repositories
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-36176 | Hig | 0.46 | 7.1 | — | Jun 4, 2026 | GNCC GP5 v7.1.76 was discovered to store pre-signed Backblaze B2 upload URLs (PUT requests) in plaintext to the serial console. This allows physically-proximate attackers to extract these active tokens to perform unauthorized operations via monitoring the serial UART interface. | ||
| CVE-2026-36175 | Med | 0.44 | 6.8 | — | Jun 4, 2026 | An issue in the U-Boot component of GNCC GP5 v7.1.76 allows physically-proximate attackers to bypass authentication and gain root access via interrupting the boot sequence and injecting a crafted string into the kernel boot arguments. | ||
| CVE-2026-36178 | Med | 0.30 | 4.6 | — | Jun 4, 2026 | The factory reset functionality in GNCC GP5 v7.1.76 fails to clear sensitive cryptographic material in the JFFS2 configuration partition, possibly allowing attackers to recover and obtain sensitive user data. | ||
| CVE-2026-36182 | 0.00 | — | — | Jun 4, 2026 | GNCC GP5 v7.1.76 was discovered to utilize a weak hashing algorithm to protect the root password, possibly allowing attackers to obtain root credentials and privileges via a bruteforce attack. | |||
| CVE-2026-36180 | 0.00 | — | — | Jun 4, 2026 | A lack of runtime integrity in GNCC GP5 v7.1.76 allows physically-proximate attackers to bypass file system read-only protections and modify system files and binaries for the duration of a boot session via a bind-mount attack. | |||
| CVE-2026-36174 | 0.00 | — | — | Jun 4, 2026 | GNCC GP5 v7.1.76 was discovered to store sensitive wireless network information in plaintext during routine operations to the serial console. This issue allows physically-proximate attackers to obtain sensitive information, including network credentials, via monitoring the… |
- risk 0.46cvss 7.1epss —
GNCC GP5 v7.1.76 was discovered to store pre-signed Backblaze B2 upload URLs (PUT requests) in plaintext to the serial console. This allows physically-proximate attackers to extract these active tokens to perform unauthorized operations via monitoring the serial UART interface.
- risk 0.44cvss 6.8epss —
An issue in the U-Boot component of GNCC GP5 v7.1.76 allows physically-proximate attackers to bypass authentication and gain root access via interrupting the boot sequence and injecting a crafted string into the kernel boot arguments.
- risk 0.30cvss 4.6epss —
The factory reset functionality in GNCC GP5 v7.1.76 fails to clear sensitive cryptographic material in the JFFS2 configuration partition, possibly allowing attackers to recover and obtain sensitive user data.
- CVE-2026-36182Jun 4, 2026risk 0.00cvss —epss —
GNCC GP5 v7.1.76 was discovered to utilize a weak hashing algorithm to protect the root password, possibly allowing attackers to obtain root credentials and privileges via a bruteforce attack.
- CVE-2026-36180Jun 4, 2026risk 0.00cvss —epss —
A lack of runtime integrity in GNCC GP5 v7.1.76 allows physically-proximate attackers to bypass file system read-only protections and modify system files and binaries for the duration of a boot session via a bind-mount attack.
- CVE-2026-36174Jun 4, 2026risk 0.00cvss —epss —
GNCC GP5 v7.1.76 was discovered to store sensitive wireless network information in plaintext during routine operations to the serial console. This issue allows physically-proximate attackers to obtain sensitive information, including network credentials, via monitoring the…