CVE-2026-36178
4.6 MEDIUMThe factory reset functionality in GNCC GP5 v7.1.76 fails to clear sensitive cryptographic material in the JFFS2 configuration partition,...
Published: 2026-06-04 · Last updated: 2026-06-04
Severity and scoring
- CVSS
- 4.6 MEDIUM
- Vector
- CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- CWE
- CWE-212
Description
The factory reset functionality in GNCC GP5 v7.1.76 fails to clear sensitive cryptographic material in the JFFS2 configuration partition, possibly allowing attackers to recover and obtain sensitive user data.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-36178
- [Other]http://gncc.com
- [Other]http://gp5.com
- [Other]https://github.com/BadChemical/IoT-Vulnerability-Research-Public/blob/main/GNCC-GP5-T23/README.md
- [Other]https://github.com/BadChemical/IoT-Vulnerability-Research-Public/blob/main/GNCC-GP5-T23/README.md
Related CVEs
Same CWE
- CVE-2026-46657 — Bludit is a content management system (7.1 HIGH)
- CVE-2026-45046 — Gryph provides a security layer for AI coding agents (5.5 MEDIUM)
- CVE-2026-27892 — FacturaScripts is an open source accounting and invoicing software (6.5 MEDIUM)
- CVE-2026-42186 — OpenBao is an open source identity-based secrets management system (7.5 HIGH)