CVE Catalog

CVE-2026-36174

MediumCVSS 4.6
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.15%

4th percentile - higher than 4% of all known CVEs

Summary

GNCC GP5 v7.1.76 was found to store sensitive wireless network information in plaintext during routine operations to the serial console. This allows physically proximate attackers to obtain network credentials by monitoring the UART interface.

Risk Assessment

The organization risks exposure of Wi-Fi credentials, potentially leading to unauthorized network access and subsequent attacks.

Recommendation

Immediately update GNCC GP5 to the latest version and restrict physical access to devices with UART interfaces.

Original NVD description (English source)

GNCC GP5 v7.1.76 was discovered to store sensitive wireless network information in plaintext during routine operations to the serial console. This issue allows physically-proximate attackers to obtain sensitive information, including network credentials, via monitoring the serial UART interface.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS