CVE-2026-36182 - Vulnerability Details

Description

GNCC GP5 v7.1.76 was discovered to utilize a weak hashing algorithm to protect the root password, possibly allowing attackers to obtain root credentials and privileges via a bruteforce attack.

Published: 2026-06-04

Score: n/a

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Impact

A weak hashing algorithm protects the root password in GNCC GP5 v7.1.76. This weakness can enable an attacker to perform a brute‑force attack to discover root credentials and thereby gain unrestricted control over the device.

Affected Systems

GNCC GP5 devices running firmware version 7.1.76 are affected. No other vendors or product versions are listed in the data.

Risk and Exploitability

The EPSS score is not available and the vulnerability is not listed in CISA KEV, indicating no publicly known exploits. However, because the weakness could allow a successful brute‑force attack, an attacker with any form of access to the device could obtain root privileges. The lack of an official patch or workaround means the vulnerability remains exploitable until firmware is updated or additional controls are applied.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade to a firmware release that replaces the weak hashing algorithm with a secure password storage mechanism
Configure and enforce a strong, unique root password and enable additional authentication factors if supported
Implement account lockout or rate‑limiting to mitigate brute‑force attempts
Consider disabling or restricting remote root access to limit attack surfaces

Generated by OpenCVE AI on June 4, 2026 at 16:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

Link	Providers
http://gncc.com
http://gp5.com
https://github.com/BadChemical/IoT-Vulnerability-Research-Public/blob/main/GNCC-GP5-T23/README.md

History

Thu, 04 Jun 2026 16:45:00 +0000

Type	Values Removed	Values Added
Title		Weak hashing algorithm in GNCC GP5 root password protection enabling brute‑force attack
Weaknesses		CWE-285 CWE-327

Thu, 04 Jun 2026 15:45:00 +0000

Type	Values Removed	Values Added
Description		GNCC GP5 v7.1.76 was discovered to utilize a weak hashing algorithm to protect the root password, possibly allowing attackers to obtain root credentials and privileges via a bruteforce attack.
References		http://gncc.com http://gp5.com https://github.com/BadChemical/IoT-Vulnerability-Research-Public/blob/main/GNCC-GP5-T23/README.md

Subscriptions

No data.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2026-06-04T00:00:00.000Z

Updated: 2026-06-04T14:25:31.095Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-36182

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2026-06-04T16:16:35.763

Modified: 2026-06-04T16:28:59.003

Link: CVE-2026-36182

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-04T16:30:06Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object