Severity by source
AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from Vendor (mitre) · only source for this CVE.
CVSS VectorVendor: mitre
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
3DescriptionCVE.org
GNCC GP5 v7.1.76 was discovered to store sensitive wireless network information in plaintext during routine operations to the serial console. This issue allows physically-proximate attackers to obtain sensitive information, including network credentials, via monitoring the serial UART interface.
AnalysisAI
Plaintext credential exposure in GNCC GP5 v7.1.76 allows physically-proximate attackers to capture wireless network credentials by monitoring the device's serial UART interface during routine operations. The device transmits sensitive wireless network information - including network credentials - in cleartext to the serial console, making them trivially readable by anyone with physical access and a UART adapter. No public exploit is identified at time of analysis and no active exploitation is confirmed; however, a researcher-published IoT vulnerability disclosure exists on GitHub detailing the finding.
Technical ContextAI
The GNCC GP5 is an IoT device (firmware v7.1.76) that exposes a serial UART (Universal Asynchronous Receiver-Transmitter) debug/console interface. CWE-256 (Plaintext Storage of a Password) describes the root cause: the device fails to protect sensitive credentials at rest or in transit on the serial bus, instead logging or printing them in cleartext during normal operational routines. UART interfaces are commonly present on embedded and IoT hardware for debugging purposes and are accessible via physical header pins on the PCB. No formal CPE identifier has been assigned (CPE listed as n/a), indicating the product is not yet catalogued in the NVD product dictionary, which may affect automated vulnerability management tooling.
RemediationAI
No vendor-released patch or firmware version is identified at time of analysis. The vendor domains (http://gncc.com, http://gp5.com) should be consulted for firmware updates; if a patched firmware is released, upgrade immediately and rotate any wireless network credentials that may have been exposed. As a compensating control, disable or physically obstruct the UART interface on deployed devices - this typically involves desoldering header pins or applying epoxy to UART pads, which may void warranty and complicate future firmware updates. Network-level miigation: rotate the wireless credentials associated with any device that has been accessible to untrusted individuals, and isolate GP5 devices onto a dedicated VLAN to limit the blast radius of credential theft. Restrict physical access to devices through locked enclosures or secured installations. These controls reduce exploitability but do not remediate the underlying plaintext logging behavior.
Remote code execution in APScheduler (all versions through 3.10.x and 4.0.0a5) is achievable when applications deseriali
Unauthenticated remote OS command injection in MeiG Smart FORGE_SLT711 cellular gateway firmware MDM9607.LE.1.0-00110-ST
Unauthenticated API access in LalanaChami Pharmacy Management System (commit 5c3d028) allows remote attackers to dump al
In Citrix Cloud through 2025-11-10, an account with read-only access can trigger the beginning of a workflow for write o
Giflib 5.2.2 contains a buffer overflow in the EGifGCBToExtension function that fails to validate allocated memory when
Denial of service in GPAC's MP4Box multimedia tool (versions before 26.02.0) arises from a use-after-free in the gf_sei_
Arbitrary kernel memory read/write in Realtek rtl819x Jungle SDK Wi-Fi driver allows local unprivileged attackers to acc
Denial of service in GPAC's MP4Box/libgpac media importer (versions before 26.02.0) lets an attacker crash the tool by s
An issue in the parse_month function (/time/strptime.rs) of relibc commit ab6a2e allows attackers to cause a Denial of S
Denial of service in relibc (the Redox OS C standard library) at commit 61f42d allows attackers to crash a process by ge
An issue in the pthread_rwlockattr_setpshared() function of relibc commit 61f42d allows attackers to cause a Denial of S
Denial of service in relibc (the Redox OS C standard library implementation, commit 61f42d) lets attackers crash a proce
Same weakness CWE-256 – Plaintext Storage of a Password
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-34277
GHSA-wcjq-xfxv-x7mx