CVE-2026-9274 | THREATINT

Description

This vulnerability exists in CP Plus Wi-Fi Camera due to improper protection of sensitive information in runtime memory. An attacker with physical access could exploit this vulnerability by accessing the UART interface and performing memory extraction to obtain sensitive information, including cryptographic private keys, Wi-Fi credentials and configuration data stored in RAM of the targeted device. Successful exploitation of this vulnerability could allow unauthorized access to encrypted communications and connected wireless network of the targeted device.

PUBLISHED Reserved 2026-05-22 | Published 2026-05-25 | Updated 2026-05-25 | Assigner CERT-In

MEDIUM: 5.2CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:L/SI:N/SA:N

Problem types

CWE-312: Cleartext Storage of Sensitive Information

Product status

Default status

unaffected

v02.21.031 or below

affected

Credits

This vulnerability is reported by Mohsin Quresh. finder

References

www.cert-in.org.in/...eid=PUBVLNOTES01&VLCODE=CIVN-2026-0266 third-party-advisory

cve.org (CVE-2026-9274)

nvd.nist.gov (CVE-2026-9274)

Download JSON