Badchemical

**Name of the Vulnerable Software and Affected Versions** GNCC GP5 version 7.1.76 **Description** Sensitive wireless network information, including network credentials, is stored in plaintext and exposed to the serial console during routine operations. This allows attackers with physical proximity to the device to obtain this sensitive data by monitoring the serial UART interface (Universal Asynchronous Receiver-Transmitter), which is a hardware communication protocol used for serial communication. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GNCC GP5 version 7.1.76 **Description** An issue in the U-Boot component allows physically-proximate attackers to bypass authentication and gain root access. This is achieved by interrupting the boot sequence and injecting a crafted string into the kernel boot arguments. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GNCC GP5 version 7.1.76 **Description** The software stores pre-signed Backblaze B2 upload URLs for PUT requests in plaintext on the serial console. This allows attackers with physical proximity to monitor the serial UART interface and extract active tokens to perform unauthorized operations. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GNCC GP5 version 7.1.76 **Description** The factory reset functionality fails to clear sensitive cryptographic material stored in the JFFS2 configuration partition. This may allow attackers to recover and obtain sensitive user data. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GNCC GP5 version 7.1.76 **Description** A lack of runtime integrity allows physically-proximate attackers to bypass file system read-only protections. This enables the modification of system files and binaries for the duration of a boot session through a bind-mount attack, which involves attaching a file or directory to another point in the file system hierarchy to override existing permissions. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

GNCC GP5 v7.1.76 was discovered to utilize a weak hashing algorithm to protect the root password, possibly allowing attackers to obtain root credentials and privileges via a bruteforce attack.