CVE-2023-1518
Description
CP Plus KVMS Pro versions 2.01.0.T.190521 and prior are vulnerable to sensitive credentials being leaked because they are insufficiently protected.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
CP Plus KVMS Pro versions 2.01.0.T.190521 and prior leak sensitive credentials due to insufficient protection, allowing local attackers to control the CCTV system.
Vulnerability
CP Plus KVMS Pro versions 2.01.0.T.190521 and prior contain a vulnerability where sensitive credentials are insufficiently protected (CWE-522). The affected software is a management platform for CCTV systems [1].
Exploitation
An attacker with local access and low privileges can exploit this vulnerability to retrieve the unprotected credentials. No user interaction is required [1]. The attack complexity is low, and the attacker must have local access to the system [1].
Impact
Successful exploitation allows an attacker to retrieve sensitive credentials and potentially gain control over the entire CCTV system. The CVSS score of 7.8 reflects a high impact on confidentiality, integrity, and availability, leading to full compromise of the affected system [1].
Mitigation
As of the report date, the vendor CP Plus has not responded to CISA’s requests to mitigate this vulnerability. No fix is available from the vendor. Users are advised to contact CP Plus customer support for additional information and to follow defensive measures such as minimizing network exposure, using firewalls, and employing secure remote access methods like VPNs [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.