Description
GNCC GP5 v7.1.76 was discovered to store sensitive wireless network information in plaintext during routine operations to the serial console. This issue allows physically-proximate attackers to obtain sensitive information, including network credentials, via monitoring the serial UART interface.
Published: 2026-06-04
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability stems from GNCC GP5 firmware that writes wireless network credentials and related sensitive data in clear text to the serial UART stream during routine operations. This flaw creates a direct data leak that can be read by anyone with physical proximity to the UART interface, allowing an attacker to recover passwords and network configuration details. The weakness is a classic example of information exposure, potentially enabling unauthorized network access for the attacker.

Affected Systems

NI devices based on the GNCC GP5 platform running firmware version 7.1.76 are affected. The issue is confined to the device’s serial console subsystem, and no other firmware or hardware components are explicitly mentioned.

Risk and Exploitability

The EPSS score is not available, and the vulnerability is not listed in CISA’s KEV catalog, indicating that no publicly reported exploits exist. Nevertheless, because it requires only physical proximity to the device’s UART interface, the attack vector is low‑barrier and can be executed with minimal tools. In environments where physical security is weak, the risk of credential compromise remains high. The CWEs associated with this flaw are primarily information exposure, underscoring the need for data‑at‑rest or data‑in‑transit protection measures.

Generated by OpenCVE AI on June 4, 2026 at 15:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Disable the serial console or restrict its access to trusted personnel only
  • Reconfigure the device firmware to remove or encrypt wireless credential output in logs
  • Physically secure or shield the UART port to prevent unauthorized reading

Generated by OpenCVE AI on June 4, 2026 at 15:26 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 04 Jun 2026 15:45:00 +0000

Type Values Removed Values Added
Title Plaintext Storage of Wireless Credentials on Serial Console
Weaknesses CWE-200

Thu, 04 Jun 2026 14:30:00 +0000

Type Values Removed Values Added
Description GNCC GP5 v7.1.76 was discovered to store sensitive wireless network information in plaintext during routine operations to the serial console. This issue allows physically-proximate attackers to obtain sensitive information, including network credentials, via monitoring the serial UART interface.
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-04T14:13:20.490Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-36174

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2026-06-04T15:16:51.093

Modified: 2026-06-04T15:41:35.193

Link: CVE-2026-36174

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-04T15:30:17Z

Weaknesses