<p><a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-148-05.json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>Successful exploitation of this vulnerability allows an attacker's malicious script to execute in the browser of any authenticated user or administrator who accesses the affected interface. This could lead to compromise of user sessions, execution of unauthorized actions with the victim's privileges, exposure or manipulation of sensitive data, and degradation of overall system integrity.</strong></p> <p>The following versions of CP Plus 8 Ch. Network Video Recorder are affected:</p> <ul> <li>CP-UNR-108F1 Hardware V1.0</li> <li>CP-UNR-108F1 Web V3.2.7.128806 </li> <li>CP-UNR-108F1 System V4.001.00AT009.0.R </li> </ul> <div class="csaf-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS</th> <th role="columnheader">Vendor</th> <th role="columnheader">Equipment</th> <th role="columnheader">Vulnerabilities</th> </tr> </thead> <tbody> <tr> <td>v3 8.4</td> <td>CP Plus</td> <td>CP Plus 8 Ch. Network Video Recorder</td> <td>Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')</td> </tr> </tbody> </table> </div> <h3>Background</h3> <ul> <li><strong>Critical Infrastructure Sectors: </strong>Commercial Facilities, Critical Manufacturing, Emergency Services</li> <li><strong>Countries/Areas Deployed: </strong>India, Nepal, United Arab Emirates, Gambia</li> <li><strong>Company Headquarters Location: </strong>India</li> </ul> <hr> <h2>Vulnerabilities</h2> <div class="csaf-accordion"> <p><a class="csaf-accordion-toggle-all" href="#">Expand All +</a></p> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-6824</a></h3> <div class="csaf-accordion-content"> <p>A stored Cross-Site Scripting (XSS) vulnerability exists in certain 1xxx seri
CRITICAL
advisories
CP Plus 8 Ch. Network Video Recorder
CyberHawk Threat Intel — IOC Scanner, Live IOC Feed (3.6M+ indicators), Infostealer Intelligence, Threat Map, MISP Feeds, GitHub Arsenal, Courses and more. Free to join.
Register Free →
Source Attribution
This intelligence summary is sourced from CISA Advisories and curated by CyberHawk Threat Intel for the security community. Read the complete article at the source link.
Read original at CISA Advisories →
This intelligence summary is sourced from CISA Advisories and curated by CyberHawk Threat Intel for the security community. Read the complete article at the source link.
Read original at CISA Advisories →
Accelerate Your Security Operations
CyberHawk Threat Intel is a complete Cyber Intelligence Platform — one place for every tool a security professional needs. Built by Rudra Verma, Senior Security Architect at CyberHawk Consultancy.
IOC Scanner — scan any domain, IP, hash, URL
Live IOC Feed — 3.6M+ indicators, filterable
Infostealer Intelligence — live compromised creds
Live Threat Map — real-time global attack vectors
MISP Threat Feeds — CIRCL, Feodo, Botvrij, more
GitHub Arsenal — curated security tools and scripts
Security Blog — CVE advisories and threat research
Video Courses — cybersecurity training and education
SOPs and Playbooks — SecOps procedures
Analyst Library — references and toolkits
Scan Reports — historical threat intelligence
Cyber News — this feed, aggregated in-platform