CVE-2026-36176
Pre-signed Backblaze B2 URL Exposure in GNCC GP5 Firmware
Publication date: 2026-06-04
Last updated on: 2026-06-04
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gncc | gp5 | 7.1.76 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-312 | The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability in GNCC GP5 v7.1.76 involves storing pre-signed Backblaze B2 upload URLs in plaintext on the serial console, allowing physically-proximate attackers to extract active tokens and perform unauthorized operations. This exposure of sensitive tokens could lead to unauthorized data access or manipulation.
Such unauthorized access to sensitive data or credentials may result in non-compliance with data protection regulations like GDPR or HIPAA, which require safeguarding sensitive information against unauthorized access and ensuring data confidentiality and integrity.
However, the provided information does not explicitly discuss compliance impacts or regulatory considerations.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring the serial UART interface of the GNCC GP5 device for plaintext output of pre-signed Backblaze B2 upload URLs or other sensitive tokens.
Since the UART interface outputs sensitive credentials in plaintext during boot and provisioning, connecting to the UART console and observing the output can reveal the presence of this vulnerability.
- Use a serial communication tool (e.g., minicom, screen, or PuTTY) to connect to the UART interface of the device.
- Example command to connect using screen: screen /dev/ttyUSB0 115200
- Observe the console output during device boot or provisioning for any plaintext URLs or tokens.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include isolating the affected GNCC GP5 device to prevent unauthorized physical access.
If possible, disable UART access to prevent attackers from monitoring the serial console.
Avoid reselling or redistributing the device as it contains persistent secrets that cannot be removed.
Can you explain this vulnerability to me?
The vulnerability in GNCC GP5 v7.1.76 involves the storage of pre-signed Backblaze B2 upload URLs (used for PUT requests) in plaintext on the serial console.
Because these URLs are stored in plaintext and accessible via the serial UART interface, an attacker who is physically close to the device can monitor this interface and extract these active tokens.
With these tokens, the attacker can perform unauthorized operations on the Backblaze B2 storage service.
How can this vulnerability impact me? :
This vulnerability can lead to unauthorized access and operations on your Backblaze B2 storage because attackers can extract active upload tokens from the device.
If an attacker gains these tokens, they could upload, modify, or delete data without permission, potentially leading to data loss, data corruption, or unauthorized data exposure.
The risk is especially significant if an attacker can physically access the device or its serial console interface.