Description
This vulnerability exists in CP Plus Wi-Fi Camera due to improper protection of sensitive information in runtime memory. An attacker with physical access could exploit this vulnerability by accessing the UART interface and performing memory extraction to obtain sensitive information, including cryptographic private keys, Wi-Fi credentials and configuration data stored in RAM of the targeted device.



Successful exploitation of this vulnerability could allow unauthorized access to encrypted communications and connected wireless network of the targeted device.
Published: 2026-05-25
Score: 5.2 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The CVE exposes sensitive data such as cryptographic private keys, Wi‑Fi credentials, and configuration information stored in the device’s RAM. A malicious party could read this data by accessing the UART interface and extracting memory contents, thereby compromising encrypted communications and the network the camera is connected to.

Affected Systems

CP Plus Wi‑Fi Camera models CP‑E38Q, CP‑E48Q, CP‑E25Q, CP‑E35Q, CP‑E45Q, CP‑E28Q, CP‑E21Q, CP‑E31Q, CP‑E41Q, CP‑24Q, CP‑Z43Q, CP‑E34Q, CP‑E44Q, CP‑T31Q, CP‑V48Q, CP‑V41Q, CP‑Z45Q running firmware version v02.21.031 or earlier are affected.

Risk and Exploitability

The CVSS score of 5.2 indicates moderate severity. No EPSS score is available and the vulnerability is not listed in CISA KEV, suggesting limited public exploitation. The attack requires physical access to the UART interface, so the threat surface is limited to situations where an attacker can physically reach the device. If successfully exploited, the attacker could steal keys and credentials, enabling unauthorized network access and potentially decrypting communications.

Generated by OpenCVE AI on May 25, 2026 at 10:22 UTC.

Remediation

Vendor Solution

Upgrade CP Plus Wi-Fi Camera to the latest firmware version v02.21.041 through OTA using the Ezykam+ mobile application.https://cpplusworld.com/products/ezyhome/ezykam

OpenCVE Recommended Actions

  • Upgrade the device firmware to version v02.21.041 via OTA using the Ezykam+ mobile application
  • If an upgrade is not immediately possible, physically secure the UART interface by blocking or covering the port to prevent unauthorized access
  • Implement network segmentation and monitoring for the camera to detect suspicious activity and limit lateral movement

Generated by OpenCVE AI on May 25, 2026 at 10:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 27 May 2026 10:30:00 +0000

Type Values Removed Values Added
First Time appeared Cp Plus cp-e21q
Cp Plus cp-e24q
Cp Plus cp-e25q
Cp Plus cp-e28q
Cp Plus cp-e31q
Cp Plus cp-e34q
Cp Plus cp-e35q
Cp Plus cp-e38q
Cp Plus cp-e41q
Cp Plus cp-e44q
Cp Plus cp-e45q
Cp Plus cp-e48q
Cp Plus cp-t31q
Cp Plus cp-v41q
Cp Plus cp-v48q
Cp Plus cp-z43q
Cp Plus cp-z45q
Vendors & Products Cp Plus cp-e21q
Cp Plus cp-e24q
Cp Plus cp-e25q
Cp Plus cp-e28q
Cp Plus cp-e31q
Cp Plus cp-e34q
Cp Plus cp-e35q
Cp Plus cp-e38q
Cp Plus cp-e41q
Cp Plus cp-e44q
Cp Plus cp-e45q
Cp Plus cp-e48q
Cp Plus cp-t31q
Cp Plus cp-v41q
Cp Plus cp-v48q
Cp Plus cp-z43q
Cp Plus cp-z45q

Tue, 26 May 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 25 May 2026 09:45:00 +0000

Type Values Removed Values Added
Description This vulnerability exists in CP Plus Wi-Fi Camera due to improper protection of sensitive information in runtime memory. An attacker with physical access could exploit this vulnerability by accessing the UART interface and performing memory extraction to obtain sensitive information, including cryptographic private keys, Wi-Fi credentials and configuration data stored in RAM of the targeted device. Successful exploitation of this vulnerability could allow unauthorized access to encrypted communications and connected wireless network of the targeted device.
Title Information Exposure Vulnerability in CP-Plus Wi-Fi Camera
First Time appeared Cp Plus
Cp Plus wi-fi Camera Cp-e38q Cp-e48q Cp-e25q Cp-e35q Cp-e45q Cp-e28q Cp-e21q Cp-e31q Cp-e41q Cp-e24q Cp-z43q Cp-e34q Cp-e44q Cp-t31q Cp-v48q Cp-v41q Cp-z45q
Weaknesses CWE-312
CPEs cpe:2.3:a:cp_plus:wi-fi_camera_cp-e38q_cp-e48q_cp-e25q_cp-e35q_cp-e45q_cp-e28q_cp-e21q_cp-e31q_cp-e41q_cp-e24q_cp-z43q_cp-e34q_cp-e44q_cp-t31q_cp-v48q_cp-v41q_cp-z45q:v02.21.031_or_below:*:*:*:*:*:*:*
Vendors & Products Cp Plus
Cp Plus wi-fi Camera Cp-e38q Cp-e48q Cp-e25q Cp-e35q Cp-e45q Cp-e28q Cp-e21q Cp-e31q Cp-e41q Cp-e24q Cp-z43q Cp-e34q Cp-e44q Cp-t31q Cp-v48q Cp-v41q Cp-z45q
References
Metrics cvssV4_0

{'score': 5.2, 'vector': 'CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:L/SI:N/SA:N'}

Subscriptions

Cp Plus Cp-e21q Cp-e24q Cp-e25q Cp-e28q Cp-e31q Cp-e34q Cp-e35q Cp-e38q Cp-e41q Cp-e44q Cp-e45q Cp-e48q Cp-t31q Cp-v41q Cp-v48q Cp-z43q Cp-z45q Wi-fi Camera Cp-e38q Cp-e48q Cp-e25q Cp-e35q Cp-e45q Cp-e28q Cp-e21q Cp-e31q Cp-e41q Cp-e24q Cp-z43q Cp-e34q Cp-e44q Cp-t31q Cp-v48q Cp-v41q Cp-z45q
cve-icon MITRE

Status: PUBLISHED

Assigner: CERT-In

Published:

Updated: 2026-05-26T14:42:56.110Z

Reserved: 2026-05-22T11:57:54.666Z

Link: CVE-2026-9274

cve-icon Vulnrichment

Updated: 2026-05-26T14:42:51.572Z

cve-icon NVD

Status : Deferred

Published: 2026-05-25T10:16:15.627

Modified: 2026-05-26T20:04:56.653

Link: CVE-2026-9274

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-27T10:06:02Z

Weaknesses
  • CWE-312

    Cleartext Storage of Sensitive Information