汇总 cpplusworld 相关全部产品的 CVE 与安全漏洞情报,包括 CVSS、EPSS、公开时间与漏洞情报数据。
历史漏洞主要涉及 输入验证问题与路径处理缺陷 等问题,部分漏洞可能导致 异常行为,并影响 软件部署与生产负载 相关场景。
相关漏洞数据主要来源于公开漏洞披露与安全公告,可用于评估历史漏洞暴露面与修复优先级。
| CVE | 摘要 | 来源 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|---|
| CVE-2025-44039 | CP-XR-DE21-S -4G Router Firmware version 1.031.022 was discovered to contain insecure protections for its UART console. This vulnerability allows local attackers to connect to the UART port via a serial connection, read all boot sequence, and revealing internal system details and sensitive information without any authentication. | [email protected] | 5.1 | 0.07% | 2025-05-13 | 2025-07-11 |
| CVE-2024-54849 | An issue in CP Plus CP-VNR-3104 B3223P22C02424 allows attackers to obtain the second RSA private key and access sensitive data or execute a man-in-the-middle attack. | [email protected] | 5.9 | 0.33% | 2025-01-10 | 2025-10-02 |
| CVE-2024-54848 | Improper handling and storage of certificates in CP Plus CP-VNR-3104 B3223P22C02424 allow attackers to decrypt communications or execute a man-in-the-middle attacks. | [email protected] | 7.4 | 0.37% | 2025-01-10 | 2025-10-02 |
| CVE-2024-54847 | An issue in CP Plus CP-VNR-3104 B3223P22C02424 allows attackers to access the Diffie-Hellman (DH) parameters and access sensitive data or execute a man-in-the-middle attack. | [email protected] | 5.9 | 0.25% | 2025-01-10 | 2025-10-02 |
| CVE-2024-54846 | An issue in CP Plus CP-VNR-3104 B3223P22C02424 allows attackers to obtain the EC private key and access sensitive data or execute a man-in-the-middle attack. | [email protected] | 5.9 | 0.25% | 2025-01-10 | 2025-10-02 |
| CVE-2023-3705 | The vulnerability exists in CP-Plus NVR due to an improper input handling at the web-based management interface of the affected product. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable device. Successful exploitation of this vulnerability could allow the remote attacker to obtain sensitive information on the targeted device. | [email protected] | 7.5 | 0.25% | 2023-08-24 | 2024-11-21 |
| CVE-2023-3704 | The vulnerability exists in CP-Plus DVR due to an improper input validation within the web-based management interface of the affected products. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable device. Successful exploitation of this vulnerability could allow the remote attacker to change system time of the targeted device. | [email protected] | 5.3 | 0.06% | 2023-08-24 | 2024-11-21 |
| CVE-2023-1518 | CP Plus KVMS Pro versions 2.01.0.T.190521 and prior are vulnerable to sensitive credentials being leaked because they are insufficiently protected. | [email protected] | 7.8 | 0.10% | 2023-03-28 | 2024-11-21 |