CVE 8.4 HIGH

CP Plus 8 Ch. Network Video Recorder Cross-site Scripting_CVE-2026-6824

May 29, 2026 invoker category_cve
8.4 / 10
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

Description

A stored cross-site scripting (XSS) vulnerability exists in certain 1xxx series NVR devices due to insufficient sanitization of user-supplied input in specific functional modules. Attackers can inject malicious scripts, which are then persistently stored on the device backend. When administrators or users access affected pages, the stored scripts are executed in their browsers, leading to potential session hijacking, unauthorized actions, or data theft.

Basic Information

ID CVE-2026-6824
Source icscert
Published May 29, 2026 at 16:41

Affected Product

Vendor CP Plus
Product CP-UNR-108F1 Hardware
Version 1.0
Affected Versions CP Plus CP-UNR-108F1 Hardware 1.0
CP Plus CP-UNR-108F1 Web 3.2.7.128806
CP Plus CP-UNR-108F1 System 4.001.00AT009.0.R

CWE Classification

CWE-79

References

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.