CVE Catalog

CVE-2026-36178

MediumCVSS 4.6
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.15%

5th percentile - higher than 5% of all known CVEs

Summary

The factory reset functionality in GNCC GP5 v7.1.76 fails to clear sensitive cryptographic material in the JFFS2 configuration partition, possibly allowing attackers to recover and obtain sensitive user data.

Risk Assessment

The risk involves potential recovery of cryptographic keys or other sensitive data after a factory reset, which could lead to compromise of system confidentiality and integrity as well as user data.

Recommendation

It is recommended to immediately update the GNCC GP5 software to the latest version that addresses this vulnerability, and manually clear the JFFS2 partition before transferring the device to another user.

Original NVD description (English source)

The factory reset functionality in GNCC GP5 v7.1.76 fails to clear sensitive cryptographic material in the JFFS2 configuration partition, possibly allowing attackers to recover and obtain sensitive user data.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS