By weakness (CWE)
CWE-312: related vulnerabilities
CVEs classified under CWE-312. Understanding the weakness class helps prioritize systemic fixes over one-off patches.
1 published vulnerability
- CVE-2026-36176HIGH 7.1
GNCC GP5 version 7.1.76 leaks Backblaze B2 cloud storage upload credentials to the device's serial console in plaintext. An attacker with physical access to the hardware can monitor the UART interface and capture active, pre-signed upload URLs intended for file transfers. Once captured, these URLs can be used to upload or manipulate files in the connected B2 storage bucket without authorization. The vulnerability requires proximity to the device but poses significant risk to organizations using this gateway in sensitive environments.