Filtered by vendor Gncc
Subscriptions
Total
6 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-36180 | 1 Gncc | 1 Gp5 | 2026-06-05 | N/A |
| A lack of runtime integrity in GNCC GP5 v7.1.76 allows physically-proximate attackers to bypass file system read-only protections and modify system files and binaries for the duration of a boot session via a bind-mount attack. | ||||
| CVE-2026-36182 | 1 Gncc | 1 Gp5 | 2026-06-05 | N/A |
| GNCC GP5 v7.1.76 was discovered to utilize a weak hashing algorithm to protect the root password, possibly allowing attackers to obtain root credentials and privileges via a bruteforce attack. | ||||
| CVE-2026-36174 | 1 Gncc | 1 Gp5 | 2026-06-05 | N/A |
| GNCC GP5 v7.1.76 was discovered to store sensitive wireless network information in plaintext during routine operations to the serial console. This issue allows physically-proximate attackers to obtain sensitive information, including network credentials, via monitoring the serial UART interface. | ||||
| CVE-2026-36175 | 1 Gncc | 1 Gp5 | 2026-06-05 | 6.8 Medium |
| An issue in the U-Boot component of GNCC GP5 v7.1.76 allows physically-proximate attackers to bypass authentication and gain root access via interrupting the boot sequence and injecting a crafted string into the kernel boot arguments. | ||||
| CVE-2026-36176 | 1 Gncc | 1 Gp5 | 2026-06-05 | 7.1 High |
| GNCC GP5 v7.1.76 was discovered to store pre-signed Backblaze B2 upload URLs (PUT requests) in plaintext to the serial console. This allows physically-proximate attackers to extract these active tokens to perform unauthorized operations via monitoring the serial UART interface. | ||||
| CVE-2026-36178 | 1 Gncc | 1 Gp5 | 2026-06-05 | 4.6 Medium |
| The factory reset functionality in GNCC GP5 v7.1.76 fails to clear sensitive cryptographic material in the JFFS2 configuration partition, possibly allowing attackers to recover and obtain sensitive user data. | ||||
Page 1 of 1.