CVE-2026-36174
4.6 MEDIUMGNCC GP5 v7.1.76 was discovered to store sensitive wireless network information in plaintext during routine operations to the serial console
Published: 2026-06-04 · Last updated: 2026-06-08
Severity and scoring
- CVSS
- 4.6 MEDIUM
- Vector
- CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- CWE
- CWE-256
Description
GNCC GP5 v7.1.76 was discovered to store sensitive wireless network information in plaintext during routine operations to the serial console. This issue allows physically-proximate attackers to obtain sensitive information, including network credentials, via monitoring the serial UART interface.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-36174
- [Other]http://gncc.com
- [Other]http://gp5.com
- [Other]https://github.com/BadChemical/IoT-Vulnerability-Research-Public/blob/main/GNCC-GP5-T23/README.md
- [Other]https://github.com/BadChemical/IoT-Vulnerability-Research-Public/blob/main/GNCC-GP5-T23/README.md
Related CVEs
Same CWE
- CVE-2024-45636 — IBM Security QRadar EDR 3.12 through 3.12.24 stores user credentials in plain text which can be read by a local privileged user (4.1 MEDIUM)
- CVE-2018-25396 — Heatmiser Wifi Thermostat 1.7 contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve administra... (7.5 HIGH)
- CVE-2025-15624 — Plaintext Storage of a Password vulnerability in Sparx Systems Pty Ltd (7.5 HIGH)
- CVE-2021-47961 — A plaintext storage of a password vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access or influen... (8.1 HIGH)
- CVE-2025-15128 — A vulnerability was detected in ZKTeco BioTime up to 9.0.3/9.0.4/9.5.2 (5.3 MEDIUM)