cpplusworld 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
過去の問題は主に vendor risk input validation and パス処理の欠陥 などに関し、一部は vendor impact unexpected behavior を招き、vendor surface software deployment and vendor surface production workloads 関連の場面に影響します。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2025-44039 | CP-XR-DE21-S -4G Router Firmware version 1.031.022 was discovered to contain insecure protections for its UART console. This vulnerability allows local attackers to connect to the UART port via a serial connection, read all boot sequence, and revealing internal system details and sensitive information without any authentication. | [email protected] | 5.1 | 0.07% | 2025-05-13 | 2025-07-11 |
| CVE-2024-54849 | An issue in CP Plus CP-VNR-3104 B3223P22C02424 allows attackers to obtain the second RSA private key and access sensitive data or execute a man-in-the-middle attack. | [email protected] | 5.9 | 0.33% | 2025-01-10 | 2025-10-02 |
| CVE-2024-54848 | Improper handling and storage of certificates in CP Plus CP-VNR-3104 B3223P22C02424 allow attackers to decrypt communications or execute a man-in-the-middle attacks. | [email protected] | 7.4 | 0.37% | 2025-01-10 | 2025-10-02 |
| CVE-2024-54847 | An issue in CP Plus CP-VNR-3104 B3223P22C02424 allows attackers to access the Diffie-Hellman (DH) parameters and access sensitive data or execute a man-in-the-middle attack. | [email protected] | 5.9 | 0.25% | 2025-01-10 | 2025-10-02 |
| CVE-2024-54846 | An issue in CP Plus CP-VNR-3104 B3223P22C02424 allows attackers to obtain the EC private key and access sensitive data or execute a man-in-the-middle attack. | [email protected] | 5.9 | 0.25% | 2025-01-10 | 2025-10-02 |
| CVE-2023-3705 | The vulnerability exists in CP-Plus NVR due to an improper input handling at the web-based management interface of the affected product. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable device. Successful exploitation of this vulnerability could allow the remote attacker to obtain sensitive information on the targeted device. | [email protected] | 7.5 | 0.25% | 2023-08-24 | 2024-11-21 |
| CVE-2023-3704 | The vulnerability exists in CP-Plus DVR due to an improper input validation within the web-based management interface of the affected products. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable device. Successful exploitation of this vulnerability could allow the remote attacker to change system time of the targeted device. | [email protected] | 5.3 | 0.06% | 2023-08-24 | 2024-11-21 |
| CVE-2023-1518 | CP Plus KVMS Pro versions 2.01.0.T.190521 and prior are vulnerable to sensitive credentials being leaked because they are insufficiently protected. | [email protected] | 7.8 | 0.10% | 2023-03-28 | 2024-11-21 |