CVE-2026-36176
Deferred Deferred - Pending Action
Pre-signed Backblaze B2 URL Exposure in GNCC GP5 Firmware

Publication date: 2026-06-04

Last updated on: 2026-06-04

Assigner: MITRE

Description
GNCC GP5 v7.1.76 was discovered to store pre-signed Backblaze B2 upload URLs (PUT requests) in plaintext to the serial console. This allows physically-proximate attackers to extract these active tokens to perform unauthorized operations via monitoring the serial UART interface.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-04
Last Modified
2026-06-04
Generated
2026-06-25
AI Q&A
2026-06-04
EPSS Evaluated
2026-06-23
NVD
CVE-2026-36176
EUVD
EUVD-2026-34279
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
gncc gp5 7.1.76
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-312 The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The vulnerability in GNCC GP5 v7.1.76 involves the storage of pre-signed Backblaze B2 upload URLs (used for PUT requests) in plaintext on the serial console.

Because these URLs are stored in plaintext and accessible via the serial UART interface, an attacker who is physically close to the device can monitor this interface and extract these active tokens.

With these tokens, the attacker can perform unauthorized operations on the Backblaze B2 storage service.

Impact Analysis

This vulnerability can lead to unauthorized access and operations on your Backblaze B2 storage because attackers can extract active upload tokens from the device.

If an attacker gains these tokens, they could upload, modify, or delete data without permission, potentially leading to data loss, data corruption, or unauthorized data exposure.

The risk is especially significant if an attacker can physically access the device or its serial console interface.

Compliance Impact

The vulnerability in GNCC GP5 v7.1.76 involves storing pre-signed Backblaze B2 upload URLs in plaintext on the serial console, allowing physically-proximate attackers to extract active tokens and perform unauthorized operations. This exposure of sensitive tokens could lead to unauthorized data access or manipulation.

Such unauthorized access to sensitive data or credentials may result in non-compliance with data protection regulations like GDPR or HIPAA, which require safeguarding sensitive information against unauthorized access and ensuring data confidentiality and integrity.

However, the provided information does not explicitly discuss compliance impacts or regulatory considerations.

Detection Guidance

This vulnerability can be detected by monitoring the serial UART interface of the GNCC GP5 device for plaintext output of pre-signed Backblaze B2 upload URLs or other sensitive tokens.

Since the UART interface outputs sensitive credentials in plaintext during boot and provisioning, connecting to the UART console and observing the output can reveal the presence of this vulnerability.

  • Use a serial communication tool (e.g., minicom, screen, or PuTTY) to connect to the UART interface of the device.
  • Example command to connect using screen: screen /dev/ttyUSB0 115200
  • Observe the console output during device boot or provisioning for any plaintext URLs or tokens.
Mitigation Strategies

Immediate mitigation steps include isolating the affected GNCC GP5 device to prevent unauthorized physical access.

If possible, disable UART access to prevent attackers from monitoring the serial console.

Avoid reselling or redistributing the device as it contains persistent secrets that cannot be removed.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-36176. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart