Description
GNCC GP5 v7.1.76 was discovered to utilize a weak hashing algorithm to protect the root password, possibly allowing attackers to obtain root credentials and privileges via a bruteforce attack.
Published: 2026-06-04
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A weak hashing algorithm protects the root password in GNCC GP5 v7.1.76. This weakness can enable an attacker to perform a brute‑force attack to discover root credentials and thereby gain unrestricted control over the device. The vulnerability involves insecure cryptographic storage (CWE‑328).

Affected Systems

GNCC GP5 devices running firmware version 7.1.76 are affected. No other vendors or product versions are listed in the data.

Risk and Exploitability

The EPSS score is < 1% and the vulnerability has a CVSS score of 9.8, and it is not listed in CISA KEV, indicating no publicly known exploits. However, because the weakness could allow a successful brute‑force attack, an attacker with any form of access to the device could obtain root privileges. The lack of an official patch or workaround means the vulnerability remains exploitable until firmware is updated or additional controls are applied.

Generated by OpenCVE AI on June 8, 2026 at 18:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a firmware release that replaces the weak hashing algorithm with a secure password storage mechanism
  • Configure and enforce a strong, unique root password and enable additional authentication factors if supported
  • Implement account lockout or rate‑limiting to mitigate brute‑force attempts
  • Consider disabling or restricting remote root access to limit attack surfaces

Generated by OpenCVE AI on June 8, 2026 at 18:28 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 08 Jun 2026 18:45:00 +0000

Type Values Removed Values Added
Title Weak Hashing Algorithm Allows Root Credential Compromise in GNCC GP5 v7.1.76

Mon, 08 Jun 2026 17:30:00 +0000

Type Values Removed Values Added
Title Weak hashing algorithm in GNCC GP5 root password protection enabling brute‑force attack
Weaknesses CWE-285
CWE-327

Mon, 08 Jun 2026 15:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-328
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 05 Jun 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Gncc
Gncc gp5
Vendors & Products Gncc
Gncc gp5

Thu, 04 Jun 2026 16:45:00 +0000

Type Values Removed Values Added
Title Weak hashing algorithm in GNCC GP5 root password protection enabling brute‑force attack
Weaknesses CWE-285
CWE-327

Thu, 04 Jun 2026 15:45:00 +0000

Type Values Removed Values Added
Description GNCC GP5 v7.1.76 was discovered to utilize a weak hashing algorithm to protect the root password, possibly allowing attackers to obtain root credentials and privileges via a bruteforce attack.
References

Subscriptions

Gncc Gp5
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-08T14:11:59.431Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-36182

cve-icon Vulnrichment

Updated: 2026-06-08T14:11:33.153Z

cve-icon NVD

Status : Deferred

Published: 2026-06-04T16:16:35.763

Modified: 2026-06-08T15:16:45.473

Link: CVE-2026-36182

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-08T18:30:16Z

Weaknesses