Vulnerability in CP Plus NVR Product Exposes Sensitive Data and Enables Man-in-the-Middle Attacks
CVE-2024-54847

5.9MEDIUM

Key Information:

Vendor: CP Plus
Vendor: CVE Published:; 10 January 2025

What is CVE-2024-54847?

An identified vulnerability in the CP Plus CP-VNR-3104 model allows for unauthorized access to Diffie-Hellman (DH) parameters. This situation could permit attackers to intercept and decrypt sensitive data, potentially leading to further exploitation through man-in-the-middle attacks. Users of this NVR system should be aware of this serious oversight that compromises data security and take necessary precautions.

References

https://payatu.com/blog/solving-the-problem-of-encrypted-...

https://nvd.nist.gov/vuln/detail/CVE-2023-3817

https://github.com/Yashodhanvivek/CP-VNR-3104-NVR-Vulnera...

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 10, 2025

CVE-2024-54847 Data

JSON