Description
This vulnerability exists in CP Plus Wi-Fi Camera due to improper protection of sensitive information in runtime memory. An attacker with physical access could exploit this vulnerability by accessing the UART interface and performing memory extraction to obtain sensitive information, including cryptographic private keys, Wi-Fi credentials and configuration data stored in RAM of the targeted device.



Successful exploitation of this vulnerability could allow unauthorized access to encrypted communications and connected wireless network of the targeted device.
Published: 2026-05-25
Score: 5.2 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The CVE exposes sensitive data such as cryptographic private keys, Wi‑Fi credentials, and configuration information stored in the device’s RAM. A malicious party could read this data by accessing the UART interface and extracting memory contents, thereby compromising encrypted communications and the network the camera is connected to.

Affected Systems

CP Plus Wi‑Fi Camera models CP‑E38Q, CP‑E48Q, CP‑E25Q, CP‑E35Q, CP‑E45Q, CP‑E28Q, CP‑E21Q, CP‑E31Q, CP‑E41Q, CP‑24Q, CP‑Z43Q, CP‑E34Q, CP‑E44Q, CP‑T31Q, CP‑V48Q, CP‑V41Q, CP‑Z45Q running firmware version v02.21.031 or earlier are affected.

Risk and Exploitability

The CVSS score of 5.2 indicates moderate severity. No EPSS score is available and the vulnerability is not listed in CISA KEV, suggesting limited public exploitation. The attack requires physical access to the UART interface, so the threat surface is limited to situations where an attacker can physically reach the device. If successfully exploited, the attacker could steal keys and credentials, enabling unauthorized network access and potentially decrypting communications.

Generated by OpenCVE AI on May 25, 2026 at 10:22 UTC.

Remediation

Vendor Solution

Upgrade CP Plus Wi-Fi Camera to the latest firmware version v02.21.041 through OTA using the Ezykam+ mobile application.https://cpplusworld.com/products/ezyhome/ezykam

OpenCVE Recommended Actions

  • Upgrade the device firmware to version v02.21.041 via OTA using the Ezykam+ mobile application
  • If an upgrade is not immediately possible, physically secure the UART interface by blocking or covering the port to prevent unauthorized access
  • Implement network segmentation and monitoring for the camera to detect suspicious activity and limit lateral movement

Generated by OpenCVE AI on May 25, 2026 at 10:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 25 May 2026 09:45:00 +0000

Type Values Removed Values Added
Description This vulnerability exists in CP Plus Wi-Fi Camera due to improper protection of sensitive information in runtime memory. An attacker with physical access could exploit this vulnerability by accessing the UART interface and performing memory extraction to obtain sensitive information, including cryptographic private keys, Wi-Fi credentials and configuration data stored in RAM of the targeted device. Successful exploitation of this vulnerability could allow unauthorized access to encrypted communications and connected wireless network of the targeted device.
Title Information Exposure Vulnerability in CP-Plus Wi-Fi Camera
First Time appeared Cp Plus
Cp Plus wi-fi Camera Cp-e38q Cp-e48q Cp-e25q Cp-e35q Cp-e45q Cp-e28q Cp-e21q Cp-e31q Cp-e41q Cp-e24q Cp-z43q Cp-e34q Cp-e44q Cp-t31q Cp-v48q Cp-v41q Cp-z45q
Weaknesses CWE-312
CPEs cpe:2.3:a:cp_plus:wi-fi_camera_cp-e38q_cp-e48q_cp-e25q_cp-e35q_cp-e45q_cp-e28q_cp-e21q_cp-e31q_cp-e41q_cp-e24q_cp-z43q_cp-e34q_cp-e44q_cp-t31q_cp-v48q_cp-v41q_cp-z45q:v02.21.031_or_below:*:*:*:*:*:*:*
Vendors & Products Cp Plus
Cp Plus wi-fi Camera Cp-e38q Cp-e48q Cp-e25q Cp-e35q Cp-e45q Cp-e28q Cp-e21q Cp-e31q Cp-e41q Cp-e24q Cp-z43q Cp-e34q Cp-e44q Cp-t31q Cp-v48q Cp-v41q Cp-z45q
References
Metrics cvssV4_0

{'score': 5.2, 'vector': 'CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:L/SI:N/SA:N'}

Subscriptions

Cp Plus Wi-fi Camera Cp-e38q Cp-e48q Cp-e25q Cp-e35q Cp-e45q Cp-e28q Cp-e21q Cp-e31q Cp-e41q Cp-e24q Cp-z43q Cp-e34q Cp-e44q Cp-t31q Cp-v48q Cp-v41q Cp-z45q
cve-icon MITRE

Status: PUBLISHED

Assigner: CERT-In

Published:

Updated: 2026-05-25T09:19:04.664Z

Reserved: 2026-05-22T11:57:54.666Z

Link: CVE-2026-9274

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-25T10:30:22Z

Weaknesses