CVE-2026-9274

Severity CVSS v4.0:

MEDIUM

Type:

CWE-312 Cleartext Storage of Sensitive Information

Publication date:

25/05/2026

Last modified:

25/05/2026

Description

This vulnerability exists in CP Plus Wi-Fi Camera due to improper protection of sensitive information in runtime memory. An attacker with physical access could exploit this vulnerability by accessing the UART interface and performing memory extraction to obtain sensitive information, including cryptographic private keys, Wi-Fi credentials and configuration data stored in RAM of the targeted device. <br /> <br /> <br /> <br /> Successful exploitation of this vulnerability could allow unauthorized access to encrypted communications and connected wireless network of the targeted device.

Impact

Vector 4.0

CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:L/SI:N/SA:N CVSS v4.0 Severity and Metrics:

Base Score: 5.20 MEDIUM
Vector: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:L/SI:N/SA:N

Attack Vector (AV): Physical
Attack Complexity (AC): Low
Attack Requirements (AT): None
Privileges Required (PR): None
User Interaction (UI): None
Confidentiality (VC): High
Integrity (VI): Low
Availability (VA): None
Confidentiality (SC): Low
Integrity (SI): None
Availability (SA): None

Base Score 4.0

5.20

Severity 4.0

MEDIUM

References to Advisories, Solutions, and Tools

https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2026-0266