PatchSiren cyber security CVE debrief
CVE-2026-36178 GNCC CVE debrief
A vulnerability was discovered in GNCC GP5 v7.1.76, where the factory reset functionality fails to clear sensitive cryptographic material in the JFFS2 configuration partition. This flaw may allow attackers to recover and obtain sensitive user data.
- Vendor
- GNCC
- Product
- GP5
- CVSS
- MEDIUM 4.6
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-04
- Original CVE updated
- 2026-06-04
- Advisory published
- 2026-06-04
- Advisory updated
- 2026-06-04
Who should care
Users of GNCC GP5 v7.1.76 devices should be aware of this vulnerability and take necessary precautions to protect their devices and data.
Technical summary
The CVSS score for this vulnerability is 4.6, with a severity rating of MEDIUM. The vulnerability is described as follows: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.
Defensive priority
MEDIUM
Recommended defensive actions
- Apply the latest security patches or updates provided by the vendor, if available.
- Use secure methods for resetting devices to their factory settings.
- Monitor devices for suspicious activity and implement additional security measures as needed.
Evidence notes
The CVE record and NVD detail can be found at [cve-org] and [nvd], respectively.
Official resources
CVE-2026-36178 was published on 2026-06-04T15:16:51.607Z and modified on 2026-06-04T16:16:35.517Z.