top of page
perceptive_background_267k.jpg

CP Plus 8 Ch. Network Video Recorder

Published:

28 May 2026 at 12:00:00

Alert date:

28 May 2026 at 17:06:19

Source:

cisa.gov

Click to open the original link from this advisory

Mobile & IoT, Critical Infrastructure, Web Technologies

A stored Cross-Site Scripting (XSS) vulnerability (CVE-2026-6824) affects CP Plus 8 Channel Network Video Recorder devices due to insufficient input sanitization. The vulnerability allows attackers to inject malicious scripts that execute in browsers of authenticated users and administrators, potentially leading to session hijacking, unauthorized actions, and data theft. The vulnerability has a CVSS score of 8.4 (HIGH severity) and affects specific versions of CP-UNR-108F1 devices. CP Plus recommends updating firmware to the latest version to mitigate the risk.

Technical details

Mitigation steps:

Affected products:

CP Plus 8 Ch. Network Video Recorder
CP-UNR-108F1

Related links:

https://www.cisa.gov/news-events/ics-advisories/icsa-26-148-05
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-148-05.json
https://www.cve.org/CVERecord?id=CVE-2026-6824
https://drive.google.com/file/d/1Ctxdp55UtlrQY7CSepkImM9zFgdcuCyL/view
https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
https://cwe.mitre.org/data/definitions/79.html

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page