Description
GNCC GP5 v7.1.76 was discovered to store pre-signed Backblaze B2 upload URLs (PUT requests) in plaintext to the serial console. This allows physically-proximate attackers to extract these active tokens to perform unauthorized operations via monitoring the serial UART interface.
Published: 2026-06-04
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

GNCC GP5 v7.1.76 was found to write pre‑signed Backblaze B2 upload URLs directly to its serial console in plaintext. These URLs authorize a PUT request that can store arbitrary data in the owner’s B2 bucket. A compromise of the tokens enables an attacker to upload any content, effectively hijacking the bucket and potentially exfiltrating stored data. The vulnerability is a classic example of sensitive information being exposed to an unauthorized actor.

Affected Systems

GNCC GP5 equipment running firmware version 7.1.76 is affected. No other versions or products were listed as impacted.

Risk and Exploitability

The EPSS score is not available and the issue is not listed in the CISA KEV catalog, indicating a low publicly documented exploitation probability. The CVSS score is 7.1, indicating a high severity classification. The most common exploitation scenario requires the attacker to be physically proximate to the device’s UART console, which is a relatively constrained attack vector. However, once a physical attacker gains access they can read the exposed tokens and perform unauthorized uploads. Overall, the risk is moderate due to the physical requirement but high for anyone with direct access to the console.

Generated by OpenCVE AI on June 4, 2026 at 19:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the device firmware to a version that sanitizes console output and removes secret leakage.
  • Disable or encrypt serial UART output to prevent sensitive data from being displayed.
  • Restrict physical access to the serial console by securing the device enclosure and using access control mechanisms.

Advisories

No advisories yet.

History

Fri, 05 Jun 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Gncc
Gncc gp5
Vendors & Products Gncc
Gncc gp5

Thu, 04 Jun 2026 19:45:00 +0000

Type Values Removed Values Added
Title Plaintext Exposure of Backblaze B2 Upload Tokens via Serial Console

Thu, 04 Jun 2026 18:15:00 +0000

Type Values Removed Values Added
Title Plaintext Exposure of Backblaze B2 Upload Tokens in GNCC GP5
Weaknesses CWE-200

Thu, 04 Jun 2026 16:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-312
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 04 Jun 2026 15:45:00 +0000

Type Values Removed Values Added
Title Plaintext Exposure of Backblaze B2 Upload Tokens in GNCC GP5
Weaknesses CWE-200

Thu, 04 Jun 2026 14:30:00 +0000

Type Values Removed Values Added
Description GNCC GP5 v7.1.76 was discovered to store pre-signed Backblaze B2 upload URLs (PUT requests) in plaintext to the serial console. This allows physically-proximate attackers to extract these active tokens to perform unauthorized operations via monitoring the serial UART interface.
References

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-04T15:52:09.566Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-36176

Vulnrichment

Updated: 2026-06-04T15:50:22.473Z

NVD

Status: Deferred

Published: 2026-06-04T15:16:51.410

Modified: 2026-06-04T17:16:32.373

Link: CVE-2026-36176

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-05T10:09:27Z

Weaknesses
  • CWE-312

    Cleartext Storage of Sensitive Information