PatchSiren cyber security CVE debrief
CVE-2026-9274 CP Plus CVE debrief
CP Plus Wi-Fi Camera devices contain a medium-severity vulnerability (CVSS 4.0: 5.2) stemming from improper protection of sensitive information in runtime memory (CWE-312). An attacker with physical access can extract cryptographic private keys, Wi-Fi credentials, and configuration data by interfacing with the UART port and performing memory extraction from RAM. Successful exploitation enables unauthorized access to encrypted communications and the connected wireless network. The vulnerability was disclosed by CERT-In (CIVN-2026-0266) and published to NVD on 2026-05-25, with a subsequent modification on 2026-05-26. No known exploitation in the wild or ransomware campaign use has been reported.
- Vendor: CP Plus
- Product: Wi-Fi Camera CP-E38Q, CP-E48Q, CP-E25Q, CP-E35Q, CP-E45Q, CP-E28Q, CP-E21Q, CP-E31Q, CP-E41Q, CP-E24Q, CP-Z43Q, CP-E34Q, CP-E44Q, CP-T31Q, CP-V48Q, CP-V41Q, CP-Z45Q
- CVSS: MEDIUM 5.2
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-25
- Original CVE updated: 2026-05-26
- Advisory published: 2026-05-25
- Advisory updated: 2026-05-26
Who should care
IoT security teams managing physical surveillance deployments, facilities security personnel responsible for camera hardware integrity, network administrators securing wireless infrastructure with embedded IoT devices, and incident responders investigating potential credential compromise through hardware tampering.
Technical summary
The vulnerability exists in the runtime memory protection implementation of CP Plus Wi-Fi Camera firmware. Sensitive data including RSA/ECC private keys, WPA2/WPA3 pre-shared keys, and device configuration parameters are stored in cleartext in RAM without adequate access controls or encryption at rest in volatile memory. The UART debug interface, typically used for manufacturing and diagnostics, lacks authentication or is enabled in production firmware, providing a direct memory access path. An attacker with physical device access can connect to UART pins (TX/RX/GND), establish a serial console session, and use built-in memory dump commands or custom payloads to extract RAM contents. The extracted data enables decryption of TLS/DTLS streams to cloud services and connection to the associated Wi-Fi network using harvested credentials.
Defensive priority
medium
Recommended defensive actions
- Restrict physical access to CP Plus Wi-Fi Camera devices to authorized personnel only
- Disable or secure UART interfaces on deployed cameras where hardware modifications are feasible
- Monitor for unauthorized physical tampering or device enclosure breaches
- Rotate Wi-Fi credentials and cryptographic keys following any suspected physical compromise
- Apply vendor firmware updates when available addressing CWE-312 memory protection deficiencies
- Segment IoT camera networks to limit lateral movement if credentials are compromised
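As an added example (not part of the advisory or any vendor tooling), the following script applies the rotation and segmentation actions above to an asset inventory: it flags affected models, lists every device that shares a Wi-Fi PSK with an affected camera showing suspected tampering, and reports SSIDs where affected cameras share a network with non-camera devices. Only the model list comes from this page; the inventory records, device IDs and field names (`role`, `ssid`, `tamper_suspected`) are constructed assumptions.

```python
# Affected models as listed in this advisory.
AFFECTED_MODELS = set("""CP-E38Q CP-E48Q CP-E25Q CP-E35Q CP-E45Q CP-E28Q CP-E21Q CP-E31Q CP-E41Q
CP-E24Q CP-Z43Q CP-E34Q CP-E44Q CP-T31Q CP-V48Q CP-V41Q CP-Z45Q""".split())

# Constructed sample inventory; IDs, SSIDs and field names are assumptions.
INVENTORY = [
    {"id": "cam-01", "model": "CP-E38Q", "role": "camera", "ssid": "facility-cams", "tamper_suspected": True},
    {"id": "cam-02", "model": "cp-z45q", "role": "camera", "ssid": "facility-cams", "tamper_suspected": False},
    {"id": "cam-03", "model": "CP-T31Q", "role": "camera", "ssid": "office-wifi", "tamper_suspected": False},
    {"id": "laptop-07", "model": "generic-laptop", "role": "workstation", "ssid": "office-wifi", "tamper_suspected": False},
    # Tampered, but not an affected model: outside the scope of this CVE check.
    {"id": "cam-04", "model": "other-cam", "role": "camera", "ssid": "guest", "tamper_suspected": True},
]

def is_affected(device):
    """Case-insensitive match of the device model against the advisory list."""
    return device["model"].strip().upper() in AFFECTED_MODELS

def affected_ids(inventory):
    return sorted(d["id"] for d in inventory if is_affected(d))

def rotation_plan(inventory):
    """Map each SSID whose PSK sat on a tamper-suspected affected camera
    to every device using that PSK (all need the new credential)."""
    exposed = {d["ssid"] for d in inventory if is_affected(d) and d["tamper_suspected"]}
    plan = {}
    for d in inventory:
        if d["ssid"] in exposed:
            plan.setdefault(d["ssid"], []).append(d["id"])
    return {ssid: sorted(ids) for ssid, ids in plan.items()}

def unsegmented(inventory):
    """Map each SSID that carries an affected camera to the non-camera
    devices sharing it, i.e. what a harvested PSK would put in reach."""
    cam_ssids = {d["ssid"] for d in inventory if is_affected(d)}
    mixed = {}
    for d in inventory:
        if d["ssid"] in cam_ssids and d["role"] != "camera":
            mixed.setdefault(d["ssid"], []).append(d["id"])
    return {ssid: sorted(ids) for ssid, ids in mixed.items()}

if __name__ == "__main__":
    print("affected:", affected_ids(INVENTORY))
    print("rotate PSK:", rotation_plan(INVENTORY))
    print("segmentation gaps:", unsegmented(INVENTORY))
```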
Evidence notes
Vulnerability disclosed via CERT-In advisory CIVN-2026-0266 and indexed in NVD with CVSS 4.0 vector. Physical access requirement (AV:P) limits attack surface. CWE-312 classification confirms cleartext storage of sensitive data in memory.
Official resources
- CVE-2026-9274 CVE record (CVE.org)
- CVE-2026-9274 NVD detail (NVD)
- Source item URL: nvd_modified
- Source reference: 2026-05-25