← Back to home
ICSA-26-148-05  ·  Published 2026-05-28  ·  View on CISA ICS-CERT ↗

CP Plus 8 Ch. Network Video Recorder

CVSS 8.4 HIGH

Risk Summary

Successful exploitation of this vulnerability allows an attacker's malicious script to execute in the browser of any authenticated user or administrator who accesses the affected interface. This could lead to compromise of user sessions, execution of unauthorized actions with the victim's privileges, exposure or manipulation of sensitive data, and degradation of overall system integrity.

CVEs (1)

Remediations

  • CP Plus recommends updating the firmware on the device to the latest firmware version.
  • CP-UNR-AxxxMars_PN_15_Q_00_V1.00.14.01.T.260326 which can be downloaded at https://drive.google.com/file/d/1Ctxdp55UtlrQY7CSepkImM9zFgdcuCyL/view
  • For firmware access and upgrade instructions, please contact support at:
  • Phone: +91-8800952952
  • Email: [email protected]

Affected Vendors

CP Plus

Affected Products (3)

CP Plus · CP-UNR-108F1 Hardware V1.0
CP Plus · CP-UNR-108F1 Web V3.2.7.128806
CP Plus · CP-UNR-108F1 System V4.001.00AT009.0.R

Affected Sectors

Commercial Facilities, Critical Manufacturing, Emergency Services

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more