CVE-2026-36182
Deferred Deferred - Pending Action
Weak Hashing in GNCC GP5 v7.1.76 Allows Root Credential Exposure

Publication date: 2026-06-04

Last updated on: 2026-06-08

Assigner: MITRE

Description
GNCC GP5 v7.1.76 was discovered to utilize a weak hashing algorithm to protect the root password, possibly allowing attackers to obtain root credentials and privileges via a bruteforce attack.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-04
Last Modified
2026-06-08
Generated
2026-06-25
AI Q&A
2026-06-04
EPSS Evaluated
2026-06-23
NVD
CVE-2026-36182
EUVD
EUVD-2026-34309
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
gncc gp5 7.1.76
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-328 The product uses an algorithm that produces a digest (output value) that does not meet security expectations for a hash function that allows an adversary to reasonably determine the original input (preimage attack), find another input that can produce the same hash (2nd preimage attack), or find multiple inputs that evaluate to the same hash (birthday attack).
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The vulnerability involves the use of a weak hashing algorithm to protect the root password, which could allow attackers to obtain root credentials via a bruteforce attack.

This weakness in credential protection could lead to unauthorized access to sensitive systems or data, potentially resulting in violations of security requirements mandated by standards such as GDPR or HIPAA.

However, the provided information does not explicitly discuss the impact on compliance with these or other regulations.

Executive Summary

The vulnerability in GNCC GP5 v7.1.76 involves the use of a weak hashing algorithm to protect the root password. This weakness may allow attackers to perform a bruteforce attack to obtain root credentials and privileges.

Impact Analysis

If exploited, this vulnerability could allow an attacker to gain root access to the affected system by cracking the weakly hashed root password. This would give the attacker full control over the system, potentially leading to unauthorized access, data theft, or system compromise.

Mitigation Strategies

The vulnerability involves the use of a weak hashing algorithm to protect the root password, which may allow attackers to obtain root credentials via bruteforce attacks.

Immediate mitigation steps should focus on strengthening password protection mechanisms, such as updating to a stronger hashing algorithm if possible.

Since no direct mitigation or patch information is provided, general best practices include restricting access to the device, monitoring for unauthorized access attempts, and changing root passwords regularly.

Detection Guidance

The vulnerability in GNCC GP5 v7.1.76 involves the use of a weak hashing algorithm to protect the root password, which could allow attackers to obtain root credentials via bruteforce attacks.

To detect this vulnerability on your system, you would need to verify if the device is running GNCC GP5 version 7.1.76 and check the password hashing method used for the root account.

Since the vulnerability relates to weak password hashing, one approach is to extract the password hash from the device and analyze it to determine if a weak algorithm is used.

However, no specific detection commands or tools are provided in the available resources.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-36182. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart