CVE-2026-9274
Received Received - Intake
CP Plus Wi-Fi Camera Memory Extraction Vulnerability

Publication date: 2026-05-25

Last updated on: 2026-05-25

Assigner: Indian Computer Emergency Response Team (CERT-In)

Description
This vulnerability exists in CP Plus Wi-Fi Camera due to improper protection of sensitive information in runtime memory. An attacker with physical access could exploit this vulnerability by accessing the UART interface and performing memory extraction to obtain sensitive information, including cryptographic private keys, Wi-Fi credentials and configuration data stored in RAM of the targeted device. Successful exploitation of this vulnerability could allow unauthorized access to encrypted communications and connected wireless network of the targeted device.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-25
Last Modified
2026-05-25
Generated
2026-05-26
AI Q&A
2026-05-26
EPSS Evaluated
N/A
NVD
CVE-2026-9274
EUVD
EUVD-2026-31661
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
cp_plus wi-fi_camera *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-312 The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in CP Plus Wi-Fi Camera due to improper protection of sensitive information in runtime memory.

An attacker with physical access can exploit this vulnerability by accessing the UART interface and performing memory extraction to obtain sensitive information stored in the device's RAM.

  • Sensitive information that can be extracted includes cryptographic private keys, Wi-Fi credentials, and configuration data.

How can this vulnerability impact me? :

Successful exploitation of this vulnerability could allow unauthorized access to encrypted communications and the connected wireless network of the targeted device.

This means an attacker could potentially intercept or manipulate data transmitted by the device or gain unauthorized network access.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

This vulnerability involves improper protection of sensitive information in runtime memory, allowing an attacker with physical access to extract sensitive data such as cryptographic private keys, Wi-Fi credentials, and configuration data.

Such unauthorized access to sensitive information could potentially lead to violations of data protection standards and regulations like GDPR and HIPAA, which require safeguarding sensitive data against unauthorized access and ensuring confidentiality and integrity.

Therefore, exploitation of this vulnerability could negatively impact compliance with these common standards by exposing protected information.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart