CVE-2026-36178

MEDIUM

GNCC GP5 7.1.76 - Sensitive Data Exposure via Incomplete Factory Reset

Title source: llm

Description

The factory reset functionality in GNCC GP5 v7.1.76 fails to clear sensitive cryptographic material in the JFFS2 configuration partition, possibly allowing attackers to recover and obtain sensitive user data.

References (3)

Core 3

Core References

http://gncc.com

http://gp5.com

https://github.com/BadChemical/IoT-Vulnerability-Research-Public/blob/main/GNCC-GP5-T23/README.md

View Writeup ZIP pw:eip

Scores

CVSS v3 4.6

EPSS 0.0016

EPSS Percentile 5.8%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-212

Status published

Published Jun 04, 2026

Tracked Since Jun 04, 2026