Skip to main content

GNCC GP5 EUVDEUVD-2026-34279

| CVE-2026-36176 HIGH
Cleartext Storage of Sensitive Information (CWE-312)
2026-06-04 mitre GHSA-82x6-h78j-2frc
7.1
CVSS 3.1 · Vendor: mitre
Share

Severity by source

Vendor (mitre) PRIMARY
7.1 HIGH
AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

Primary rating from Vendor (mitre) · only source for this CVE.

CVSS VectorVendor: mitre

CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
Attack Vector
Physical
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

3
Analysis Generated
Jun 04, 2026 - 17:22 vuln.today
CVSS changed
Jun 04, 2026 - 17:22 NVD
7.1 (HIGH)
CVE Published
Jun 04, 2026 - 00:00 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

GNCC GP5 v7.1.76 was discovered to store pre-signed Backblaze B2 upload URLs (PUT requests) in plaintext to the serial console. This allows physically-proximate attackers to extract these active tokens to perform unauthorized operations via monitoring the serial UART interface.

AnalysisAI

Plaintext exposure of pre-signed Backblaze B2 upload URLs in GNCC GP5 camera firmware v7.1.76 allows physically-proximate attackers with serial UART access to harvest live cloud storage tokens. The leaked PUT URLs enable unauthorized write operations against the device's Backblaze B2 cloud storage bucket until the tokens expire. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain physical access to GP5 camera
Delivery
Attach UART adapter to serial header
Exploit
Capture console output during upload
Execution
Extract pre-signed B2 PUT URL
Persist
Replay URL from external host
Impact
Write unauthorized objects to B2 bucket

Vulnerability AssessmentAI

Exploitation Exploitation requires physical access to the GNCC GP5 device to attach to its serial UART debug interface, plus a window in which the camera emits a pre-signed Backblaze B2 upload URL to the console (typically during upload operations) and during which that URL has not yet expired. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 7.1 score is driven by the AV:P (physical) vector and changed scope (S:C, since the leaked token grants access to a different security authority - Backblaze cloud storage), with high confidentiality and integrity impact but no availability impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with brief physical access to a deployed GNCC GP5 camera opens the housing, attaches a USB-to-UART adapter to the exposed serial header, and passively captures the boot/runtime console log. Within the log they find pre-signed Backblaze B2 PUT URLs and, while these tokens remain valid, replay them from any internet-connected host to upload arbitrary content into the victim's B2 bucket, potentially poisoning recorded footage or exhausting storage quotas.
Remediation No vendor-released patch identified at time of analysis - neither GNCC nor a fixed firmware version is referenced in the available data. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all GNCC GP5 devices in use; identify which have Backblaze B2 integration enabled; assess physical security of device locations. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

More in N A

View all
CVE-2026-31072 CRITICAL POC
9.8 May 19

Remote code execution in APScheduler (all versions through 3.10.x and 4.0.0a5) is achievable when applications deseriali

CVE-2026-36356 CRITICAL POC
9.1 May 05

Unauthenticated remote OS command injection in MeiG Smart FORGE_SLT711 cellular gateway firmware MDM9607.LE.1.0-00110-ST

CVE-2026-31071 CRITICAL POC
9.1 May 19

Unauthenticated API access in LalanaChami Pharmacy Management System (commit 5c3d028) allows remote attackers to dump al

CVE-2025-66391 HIGH POC
8.8 Jun 17

In Citrix Cloud through 2025-11-10, an account with read-only access can trigger the beginning of a workflow for write o

CVE-2026-26740 HIGH POC
8.2 Mar 18

Giflib 5.2.2 contains a buffer overflow in the EGifGCBToExtension function that fails to validate allocated memory when

CVE-2025-60464 HIGH POC
7.8 Jun 25

Denial of service in GPAC's MP4Box multimedia tool (versions before 26.02.0) arises from a use-after-free in the gf_sei_

CVE-2026-36355 HIGH POC
7.7 May 05

Arbitrary kernel memory read/write in Realtek rtl819x Jungle SDK Wi-Fi driver allows local unprivileged attackers to acc

CVE-2025-60474 HIGH POC
7.5 Jun 24

Denial of service in GPAC's MP4Box/libgpac media importer (versions before 26.02.0) lets an attacker crash the tool by s

CVE-2026-38639 HIGH POC
7.5 Jun 26

An issue in the parse_month function (/time/strptime.rs) of relibc commit ab6a2e allows attackers to cause a Denial of S

CVE-2026-38641 HIGH POC
7.5 Jun 26

Denial of service in relibc (the Redox OS C standard library) at commit 61f42d allows attackers to crash a process by ge

CVE-2026-38637 HIGH POC
7.5 Jun 25

An issue in the pthread_rwlockattr_setpshared() function of relibc commit 61f42d allows attackers to cause a Denial of S

CVE-2026-38640 HIGH POC
7.5 Jun 25

Denial of service in relibc (the Redox OS C standard library implementation, commit 61f42d) lets attackers crash a proce

Share

EUVD-2026-34279 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy