CVE-2026-36178
MediumCVSS 4.6Exploitation Probability (EPSS)
Low risk5th percentile - higher than 5% of all known CVEs
Summary
The factory reset functionality in GNCC GP5 v7.1.76 fails to clear sensitive cryptographic material in the JFFS2 configuration partition, possibly allowing attackers to recover and obtain sensitive user data.
Risk Assessment
The risk involves potential recovery of cryptographic keys or other sensitive data after a factory reset, which could lead to compromise of system confidentiality and integrity as well as user data.
Recommendation
It is recommended to immediately update the GNCC GP5 software to the latest version that addresses this vulnerability, and manually clear the JFFS2 partition before transferring the device to another user.
Original NVD description (English source)
The factory reset functionality in GNCC GP5 v7.1.76 fails to clear sensitive cryptographic material in the JFFS2 configuration partition, possibly allowing attackers to recover and obtain sensitive user data.

