CP Plus 8 Ch. Network Video Recorder
Summary
A stored Cross-Site Scripting (XSS) vulnerability, CVE-2026-6824, has been identified in CP Plus 8 Ch. Network Video Recorder devices. Successful exploitation allows attackers to inject malicious scripts that execute in the browser of authenticated users, potentially leading to session hijacking and data theft.
IFF Assessment
This vulnerability allows for unauthorized script execution and potential session hijacking, posing a direct threat to user sessions and system integrity.
Severity
The CVSS score of 8.4 (High) reflects the severity of this stored XSS vulnerability, which allows for attacker-controlled scripts to be persistently stored and executed in the browser of authenticated users, enabling session hijacking and unauthorized actions.
Defender Context
This vulnerability affects Network Video Recorders (NVRs) used in critical infrastructure sectors, emphasizing the need for defenders to secure IoT devices. Organizations should prioritize patching or applying vendor-recommended mitigations for affected CP Plus NVR models to prevent unauthorized access and data compromise.