Shodan
Vulnerabilities
Vulnerable Software
Cpplusworld:  Security Vulnerabilities
CVE-2025-44039
CP-XR-DE21-S -4G Router Firmware version 1.031.022 was discovered to contain insecure protections for its UART console. This vulnerability allows local attackers to connect to the UART port via a serial connection, read all boot sequence, and revealing internal system details and sensitive information without any authentication.
CVSS Score
5.1
EPSS Score
0.0
Published
2025-05-13
CVE-2024-54847
An issue in CP Plus CP-VNR-3104 B3223P22C02424 allows attackers to access the Diffie-Hellman (DH) parameters and access sensitive data or execute a man-in-the-middle attack.
CVSS Score
5.9
EPSS Score
0.001
Published
2025-01-10
CVE-2024-54848
Improper handling and storage of certificates in CP Plus CP-VNR-3104 B3223P22C02424 allow attackers to decrypt communications or execute a man-in-the-middle attacks.
CVSS Score
7.4
EPSS Score
0.001
Published
2025-01-10
CVE-2024-54849
An issue in CP Plus CP-VNR-3104 B3223P22C02424 allows attackers to obtain the second RSA private key and access sensitive data or execute a man-in-the-middle attack.
CVSS Score
5.9
EPSS Score
0.001
Published
2025-01-10
CVE-2024-54846
An issue in CP Plus CP-VNR-3104 B3223P22C02424 allows attackers to obtain the EC private key and access sensitive data or execute a man-in-the-middle attack.
CVSS Score
5.9
EPSS Score
0.001
Published
2025-01-10
CVE-2023-3705
The vulnerability exists in CP-Plus NVR due to an improper input handling at the web-based management interface of the affected product. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable device. Successful exploitation of this vulnerability could allow the remote attacker to obtain sensitive information on the targeted device.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-08-24
CVE-2023-3704
The vulnerability exists in CP-Plus DVR due to an improper input validation within the web-based management interface of the affected products. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable device. Successful exploitation of this vulnerability could allow the remote attacker to change system time of the targeted device.
CVSS Score
5.3
EPSS Score
0.001
Published
2023-08-24
CVE-2023-1518
CP Plus KVMS Pro versions 2.01.0.T.190521 and prior are vulnerable to sensitive credentials being leaked because they are insufficiently protected.  
CVSS Score
7.8
EPSS Score
0.001
Published
2023-03-28


Products
Pricing
Contact Us

Shodan ® - All rights reserved