CRITICAL🇵🇱 Wersja polska

CVE-2026-36182

CVSS 9.8pub. 2026-06-04upd. 2026-07-05

GNCC GP5 v7.1.76 was discovered to utilize a weak hashing algorithm to protect the root password, possibly allowing attackers to obtain root credentials and privileges via a bruteforce attack.

🤖 AI Analysis
How it works

The vulnerability results from the use of a weak (cryptographically insecure) hashing algorithm (CWE-328) to store the root account password on the device. Obtaining access to the stored password hash — for example, by reading the password file — allows an attacker to conduct a brute-force attack and recover the original password in an acceptable timeframe. After obtaining the root password, the attacker can log in to the device with the highest privileges.

Impact

An attacker can obtain full administrator (root) privileges on the device, enabling arbitrary system modifications, installation of malicious software, or use of the device as an entry point to the network.

Mitigation & patch

Patches available from the manufacturer should be applied in accordance with the references. It is also recommended to change the default root password to a strong, unique password and restrict device access at the network level.

Who is affected

GNCC GP5 version v7.1.76

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References