CVE-2026-9274
Deferred Deferred - Pending Action
CP Plus Wi-Fi Camera Memory Extraction Vulnerability

Publication date: 2026-05-25

Last updated on: 2026-05-25

Assigner: Indian Computer Emergency Response Team (CERT-In)

Description
This vulnerability exists in CP Plus Wi-Fi Camera due to improper protection of sensitive information in runtime memory. An attacker with physical access could exploit this vulnerability by accessing the UART interface and performing memory extraction to obtain sensitive information, including cryptographic private keys, Wi-Fi credentials and configuration data stored in RAM of the targeted device. Successful exploitation of this vulnerability could allow unauthorized access to encrypted communications and connected wireless network of the targeted device.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-25
Last Modified
2026-05-25
Generated
2026-06-15
AI Q&A
2026-05-26
EPSS Evaluated
2026-06-14
NVD
CVE-2026-9274
EUVD
EUVD-2026-31661
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
cp_plus wi-fi_camera *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-312 The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in CP Plus Wi-Fi Camera due to improper protection of sensitive information in runtime memory.

An attacker with physical access can exploit this vulnerability by accessing the UART interface and performing memory extraction to obtain sensitive information stored in the device's RAM.

  • Sensitive information that can be extracted includes cryptographic private keys, Wi-Fi credentials, and configuration data.
Impact Analysis

Successful exploitation of this vulnerability could allow unauthorized access to encrypted communications and the connected wireless network of the targeted device.

This means an attacker could potentially intercept or manipulate data transmitted by the device or gain unauthorized network access.

Compliance Impact

This vulnerability involves improper protection of sensitive information in runtime memory, allowing an attacker with physical access to extract sensitive data such as cryptographic private keys, Wi-Fi credentials, and configuration data.

Such unauthorized access to sensitive information could potentially lead to violations of data protection standards and regulations like GDPR and HIPAA, which require safeguarding sensitive data against unauthorized access and ensuring confidentiality and integrity.

Therefore, exploitation of this vulnerability could negatively impact compliance with these common standards by exposing protected information.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-9274. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart