CVE-2026-36174
Plaintext Storage of Wi-Fi Credentials in GNCC GP5 v7.1.76
Publication date: 2026-06-04
Last updated on: 2026-06-04
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gncc | gp5 | 7.1.76 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-36174 is a high-severity vulnerability affecting the GNCC GP5 indoor camera (T23 platform). The device's UART (serial) interface is fully unlocked and outputs sensitive wireless network information, including network credentials, in plaintext during boot and provisioning.
This means that an attacker with physical proximity to the device can monitor the serial UART interface and obtain sensitive data such as the RSA private key, Wi-Fi SSID and password, and MQTT request tokens. The root cause is improper handling of the UART console where sensitive data is logged without any redaction.
How can this vulnerability impact me? :
This vulnerability allows physically-proximate attackers to extract critical sensitive information from the device, including network credentials and cryptographic keys.
- Attackers can gain access to local Wi-Fi networks by obtaining SSID and passwords.
- They can impersonate the device's cloud infrastructure by using extracted MQTT tokens and RSA private keys.
- This can lead to unauthorized access, data interception, and potential control over the device and associated cloud services.
Mitigation is difficult as no patch is available and secrets persist even if the device is resold. Physical isolation and disabling UART access are recommended.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by physically accessing the device's UART (serial) interface and monitoring the output during boot or provisioning. Sensitive information such as Wi-Fi credentials and private keys are output in plaintext on the UART console.
To detect the vulnerability, connect to the UART interface using a serial communication tool (e.g., minicom, screen, PuTTY) and observe if sensitive data is printed without redaction.
- Use a serial connection command such as: screen /dev/ttyUSB0 115200
- Or: minicom -D /dev/ttyUSB0 -b 115200
If sensitive wireless network information, RSA private keys, or MQTT tokens appear in plaintext during device boot or provisioning, the vulnerability is present.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include isolating the affected device from sensitive networks to prevent unauthorized access.
If possible, disable the UART interface to prevent physical access to sensitive data output.
Avoid reselling or redistributing the device, as it contains persistent secrets that cannot be removed.
Since no patch is available due to vendor non-response, physical security and network isolation are critical to reduce risk.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability exposes sensitive wireless network information, including network credentials and private keys, in plaintext via the UART interface. Such exposure of sensitive data can lead to unauthorized access and potential data breaches.
Because the vulnerability allows physical attackers to obtain sensitive credentials, it poses a risk to the confidentiality and integrity of data, which are core requirements in standards like GDPR and HIPAA.
Failure to protect sensitive information as required by these regulations could result in non-compliance, leading to legal and financial consequences for organizations using the affected device.