CP Plus 8 Ch. Network Video Recorder

HIGH

CVSS 8.4

Date 2026-05-28T06:00:00+00:00

Source cisa-csaf

Published by CISA

// Description

Successful exploitation of this vulnerability allows an attacker's malicious script to execute in the browser of any authenticated user or administrator who accesses the affected interface. This could lead to compromise of user sessions, execution of unauthorized actions with the victim's privileges, exposure or manipulation of sensitive data, and degradation of overall system integrity.

// Vulnerabilities (1)

CVE ID	CVSS Score	Severity	Description
CVE-2026-6824	8.4	high	A stored Cross-Site Scripting (XSS) vulnerability exists in certain 1xxx series NVR devices due to insufficient sanitization of user-supplied input in specific functional modules. Attackers can inject malicious scripts, which are then persistently stored on the device backend. When administrators or users access affected pages, the stored scripts are executed in their browsers, leading to potential session hijacking, unauthorized actions, or data theft.

// Remediations (5)

Mitigation: CP-UNR-AxxxMars_PN_15_Q_00_V1.00.14.01.T.260326 which can be downloaded at https://drive.google.com/

CP-UNR-AxxxMars_PN_15_Q_00_V1.00.14.01.T.260326 which can be downloaded at https://drive.google.com/file/d/1Ctxdp55UtlrQY7CSepkImM9zFgdcuCyL/view

Mitigation: Phone: +91-8800952952

Phone: +91-8800952952

Mitigation: For firmware access and upgrade instructions, please contact support at:

For firmware access and upgrade instructions, please contact support at:

Mitigation: CP Plus recommends updating the firmware on the device to the latest firmware version.

CP Plus recommends updating the firmware on the device to the latest firmware version.

Mitigation: Email: [email protected]

Email: [email protected]

CP Plus 8 Ch. Network Video Recorder

// Description

// Vulnerabilities (1)

// Remediations (5)

// References