CVE-2026-36176

Published: Giu 04, 2026 Last Modified: Giu 04, 2026
ExploitDB:
Other exploit source:
Google Dorks:

Description

AI Translation Available

GNCC GP5 v7.1.76 was discovered to store pre-signed Backblaze B2 upload URLs (PUT requests) in plaintext to the serial console. This allows physically-proximate attackers to extract these active tokens to perform unauthorized operations via monitoring the serial UART interface.

http://gncc.com
http://gncc.com
http://gp5.com
http://gp5.com
https://github.com/BadChemical/IoT-Vulnerability-Research-P…
https://github.com/BadChemical/IoT-Vulnerability-Research-Public/blob/main/GNCC…