Description

GNCC GP5 v7.1.76 was discovered to write pre-signed Backblaze B2 upload URLs (PUT requests) in plaintext to the serial console. Physically proximate attackers who monitor the serial UART interface can extract these active tokens and use them to perform unauthorized operations.

PUBLISHED Reserved 2026-04-06 | Published 2026-06-04 | Updated 2026-06-04 | Assigner mitre

References

github.com/...search-Public/blob/main/GNCC-GP5-T23/README.md exploit

gncc.com

gp5.com

cve.org (CVE-2026-36176)

nvd.nist.gov (CVE-2026-36176)
