Skip to main content

GNCC GP5 CVE-2026-36175

| EUVDEUVD-2026-34278 MEDIUM
Improper Input Validation (CWE-20)
2026-06-04 mitre GHSA-4ghq-g4mw-8vf2
6.8
CVSS 3.1 · Vendor: mitre
Share

Severity by source

Vendor (mitre) PRIMARY
6.8 MEDIUM
AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from Vendor (mitre) · only source for this CVE.

CVSS VectorVendor: mitre

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Physical
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Analysis Generated
Jun 04, 2026 - 17:22 vuln.today
CVSS changed
Jun 04, 2026 - 17:22 NVD
6.8 (MEDIUM)
CVE Published
Jun 04, 2026 - 00:00 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

An issue in the U-Boot component of GNCC GP5 v7.1.76 allows physically-proximate attackers to bypass authentication and gain root access via interrupting the boot sequence and injecting a crafted string into the kernel boot arguments.

AnalysisAI

U-Boot bootloader authentication bypass on GNCC GP5 v7.1.76 grants a physically-proximate attacker full root access to the device by interrupting the boot sequence and injecting crafted kernel boot arguments. The vulnerability stems from insufficient input validation in the bootloader's handling of kernel command-line parameters, allowing an attacker to override security controls set during the normal boot process. Publicly available exploit code exists via a GitHub IoT vulnerability research repository; no CISA KEV listing has been identified at time of analysis, consistent with the physical-access prerequisite limiting widespread automated exploitation.

Technical ContextAI

U-Boot is a widely deployed open-source bootloader used in embedded Linux systems and IoT devices. During the boot sequence, U-Boot constructs and passes a kernel command line (bootargs) to the Linux kernel, which can include parameters that influence root filesystem mounting, init process selection, and console access. The CWE-20 (Improper Input Validation) root cause indicates that GNCC GP5 firmware v7.1.76 fails to restrict or sanitize operator-supplied input to the bootloader console, allowing injection of arbitrary kernel parameters such as 'init=/bin/sh' or 'rw single' that subvert the intended authentication and initialization flow. The CPE data provided is non-specific (cpe:2.3:a:n/a:n/a), so exact affected product scope is derived from the CVE description and EUVD entry EUVD-2026-34278 rather than NVD CPE enumeration. The GNCC GP5 appears to be an IoT device (likely a GPS/tracking unit based on naming conventions and the vendor domain gp5.com) running an embedded Linux stack with U-Boot as the first-stage bootloader.

RemediationAI

No vendor-released patch has been identified at time of analysis. The vendor domains referenced (gncc.com, gp5.com) have not published a security advisory. Organizations using GNCC GP5 devices should contact the vendor directly to request a patched firmware and monitor the NVD entry at https://nvd.nist.gov/vuln/detail/CVE-2026-36175 and VulDB entry https://vuldb.com/vuln/368356 for patch availability updates. As compensating controls, deployers should implement strict physical security measures to prevent unauthorized access to the device, including tamper-evident seals or locked enclosures - this directly addresses the AV:P attack prerequisite. Where the device supports it, enable U-Boot password protection or restrict bootloader console access via U-Boot environment variable locking (setenv bootdelay -1; saveenv), though the effectiveness of this control depends on whether U-Boot itself enforces it prior to the vulnerable input-handling stage. Encrypting on-device storage would limit the value of root access for data exfiltration. Note that without a vendor patch, software-level mitigations may be insufficient if an attacker can reflash the bootloader from external media.

More in N A

View all
CVE-2026-31072 CRITICAL POC
9.8 May 19

Remote code execution in APScheduler (all versions through 3.10.x and 4.0.0a5) is achievable when applications deseriali

CVE-2026-36356 CRITICAL POC
9.1 May 05

Unauthenticated remote OS command injection in MeiG Smart FORGE_SLT711 cellular gateway firmware MDM9607.LE.1.0-00110-ST

CVE-2026-31071 CRITICAL POC
9.1 May 19

Unauthenticated API access in LalanaChami Pharmacy Management System (commit 5c3d028) allows remote attackers to dump al

CVE-2025-66391 HIGH POC
8.8 Jun 17

In Citrix Cloud through 2025-11-10, an account with read-only access can trigger the beginning of a workflow for write o

CVE-2026-26740 HIGH POC
8.2 Mar 18

Giflib 5.2.2 contains a buffer overflow in the EGifGCBToExtension function that fails to validate allocated memory when

CVE-2025-60464 HIGH POC
7.8 Jun 25

Denial of service in GPAC's MP4Box multimedia tool (versions before 26.02.0) arises from a use-after-free in the gf_sei_

CVE-2026-36355 HIGH POC
7.7 May 05

Arbitrary kernel memory read/write in Realtek rtl819x Jungle SDK Wi-Fi driver allows local unprivileged attackers to acc

CVE-2025-60474 HIGH POC
7.5 Jun 24

Denial of service in GPAC's MP4Box/libgpac media importer (versions before 26.02.0) lets an attacker crash the tool by s

CVE-2026-38639 HIGH POC
7.5 Jun 26

An issue in the parse_month function (/time/strptime.rs) of relibc commit ab6a2e allows attackers to cause a Denial of S

CVE-2026-38641 HIGH POC
7.5 Jun 26

Denial of service in relibc (the Redox OS C standard library) at commit 61f42d allows attackers to crash a process by ge

CVE-2026-38637 HIGH POC
7.5 Jun 25

An issue in the pthread_rwlockattr_setpshared() function of relibc commit 61f42d allows attackers to cause a Denial of S

CVE-2026-38640 HIGH POC
7.5 Jun 25

Denial of service in relibc (the Redox OS C standard library implementation, commit 61f42d) lets attackers crash a proce

Share

CVE-2026-36175 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy