CVE-2026-9274
CWE-312Published: May 25, 2026· Updated: May 26, 2026
Official Description
This vulnerability exists in CP Plus Wi-Fi Camera due to improper protection of sensitive information in runtime memory. An attacker with physical access could exploit this vulnerability by accessing the UART interface and performing memory extraction to obtain sensitive information, including cryptographic private keys, Wi-Fi credentials and configuration data stored in RAM of the targeted device.
Successful exploitation of this vulnerability could allow unauthorized access to encrypted communications and connected wireless network of the targeted device.
Technical Analysis
CVE-2026-9274 requires local access, meaning attackers must already have a foothold on the target system.
The vulnerability requires no privileges and no user interaction, making it a prime target for automated exploitation campaigns and worm-like propagation.
CVSS v3.1 Vector Breakdown
Exploit & PoC Resources
All References (1)
Quick Facts
Related CVEs (CWE-312)
Recommended Actions
- →Apply vendor patches immediately
- →Monitor CVE-2026-9274 in threat intel feeds
- →Review IDS/IPS signatures for exploitation attempts