CVE-2026-36174

GNCC GP5 v7.1.76 was discovered to store sensitive wireless network information in plaintext during routine operations to the serial console. This issue allows physically-proximate attackers to obtain sensitive information, including network credentials, via monitoring the serial UART interface...

CVE-2026-36176

GNCC GP5 v7.1.76 was discovered to store pre-signed Backblaze B2 upload URLs PUT requests in plaintext to the serial console. This allows physically-proximate attackers to extract these active tokens to perform unauthorized operations via monitoring the serial UART interface...

CVE-2026-45432

This vulnerability exists in GX Earth ONT models due to the transmission of user credentials in plaintext over HTTP in its web management interface. A remote attacker could exploit this vulnerability by intercepting network traffic to obtain sensitive authentication information, which could lead ...

CVE-2026-45432

This vulnerability exists in GX Earth ONT models due to the transmission of user credentials in plaintext over HTTP in its web management interface. A remote attacker could exploit this vulnerability by intercepting network traffic to obtain sensitive authentication information, which could lead ...

EUVD-2026-34250

This vulnerability exists in GX Earth ONT models due to the transmission of user credentials in plaintext over HTTP in its web management interface. A remote attacker could exploit this vulnerability by intercepting network traffic to obtain sensitive authentication information, which could lead ...

CVE-2026-45432

The CVE-2026-45432 entry describes a vulnerability in GX Earth ONT models where user credentials are transmitted in cleartext over HTTP in the device’s web management interface. This allows a remote attacker who can intercept network traffic to obtain sensitive authentication data, potentially le...

CVE-2026-50210

The device encrypts data using AES-CBC with static zero-filled Initialization Vectors IVs, making it susceptible to replay attacks and known-plaintext decryption...

EUVD-2026-34222

The device encrypts data using AES-CBC with static zero-filled Initialization Vectors IVs, making it susceptible to replay attacks and known-plaintext decryption...

CVE-2026-50210

CVE-2026-50210 is linked to multiple sources describing a cryptographic weakness where data is encrypted with AES-CBC using static zero-filled IVs. This configuration can enable replay attacks and known-plaintext decryption. The description across NVD, CVE records, and related feeds consistently ...

CVE-2026-50210 Weak Static Cryptographic Initialization Vectors

The device encrypts data using AES-CBC with static zero-filled Initialization Vectors IVs, making it susceptible to replay attacks and known-plaintext decryption...

CVE-2026-50210 Weak Static Cryptographic Initialization Vectors

The device encrypts data using AES-CBC with static zero-filled Initialization Vectors IVs, making it susceptible to replay attacks and known-plaintext decryption...

CVE-2026-50210

The device encrypts data using AES-CBC with static zero-filled Initialization Vectors IVs, making it susceptible to replay attacks and known-plaintext decryption...

CVE-2026-50205

CVE-2026-50205 describes a vulnerability where system log files output unencrypted SMTP server authentication passwords along with sensitive employee identifiers. The brief does not specify affected products, vendors, or versions. Impact is stated as high confidentiality exposure (log leakage of ...

CVE-2026-50205 Plaintext Log Credential Leakage

System log files output unencrypted SMTP server authentication passwords alongside sensitive employee corporate identification data...

CVE-2026-50205 Plaintext Log Credential Leakage

System log files output unencrypted SMTP server authentication passwords alongside sensitive employee corporate identification data...

SUSE CVE-2026-10650

A flaw has been found in warmcat libwebsockets up to 4.5.8. This issue affects the function lwssshparseplaintext of the file plugins/protocollwssshbase/sshd.c of the component SSH Protocol Handler. Executing a manipulation of the argument msglen can lead to resource consumption. The attack may be...

PT-2026-46162

The device encrypts data using AES-CBC with static zero-filled Initialization Vectors IVs, making it susceptible to replay attacks and known-plaintext decryption...

EUVD-2026-34277

GNCC GP5 v7.1.76 was discovered to store sensitive wireless network information in plaintext during routine operations to the serial console. This issue allows physically-proximate attackers to obtain sensitive information, including network credentials, via monitoring the serial UART interface...

CVE-2026-36174

CVE-2026-36174 affects GNCC GP5 v7.1.76, where sensitive wireless network information is stored in plaintext during normal operation and exposed via the serial UART interface. This could allow physically proximate attackers with access to the device’s serial console to recover credentials. The de...

PT-2026-46243

GNCC GP5 v7.1.76 was discovered to store sensitive wireless network information in plaintext during routine operations to the serial console. This issue allows physically-proximate attackers to obtain sensitive information, including network credentials, via monitoring the serial UART interface...