CVE-2024-54848

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-54848
Improper handling and storage of certificates in CP Plus CP-VNR-3104 B3223P22C02424 allow attackers to decrypt communications or execute a man-in-the-middle attacks.

7.4 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://capec.mitre.org/data/definitions/233 Technical Description
https://github.com/Yashodhanvivek/CP-VNR-3104-NVR-Vulnerabilties/blob/main/CPPlus_CP-VNR-3104_Security_Assessment.pdf Third Party Advisory
https://nvd.nist.gov/vuln/detail/CVE-2021-21551 Not Applicable
https://payatu.com/blog/solving-the-problem-of-encrypted-firmware/ Technical Description Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:cpplusworld:cp-vnr-3104_firmware:b3223p22c02424:*:*:*:*:*:*:*
cpe:2.3:h:cpplusworld:cp-vnr-3104:-:*:*:*:*:*:*:*
History

02 Oct 2025, 16:59

Type Values Removed Values Added
Summary (es) El manejo y almacenamiento inadecuados de certificados en CP Plus CP-VNR-3104 B3223P22C02424 permiten a los atacantes descifrar las comunicaciones o ejecutar ataques de tipo "man-in-the-middle". (es) La gestión y almacenamiento inadecuados de certificados en CP Plus CP-VNR-3104 B3223P22C02424 permiten a los atacantes descifrar las comunicaciones o ejecutar ataques de tipo "man-in-the-middle".
CPE cpe:2.3:h:cpplusworld:cp-vnr-3104:-:*:*:*:*:*:*:*
cpe:2.3:o:cpplusworld:cp-vnr-3104_firmware:b3223p22c02424:*:*:*:*:*:*:*
First Time Cpplusworld cp-vnr-3104
Cpplusworld
Cpplusworld cp-vnr-3104 Firmware
References () https://capec.mitre.org/data/definitions/233 - () https://capec.mitre.org/data/definitions/233 - Technical Description
References () https://github.com/Yashodhanvivek/CP-VNR-3104-NVR-Vulnerabilties/blob/main/CPPlus_CP-VNR-3104_Security_Assessment.pdf - () https://github.com/Yashodhanvivek/CP-VNR-3104-NVR-Vulnerabilties/blob/main/CPPlus_CP-VNR-3104_Security_Assessment.pdf - Third Party Advisory
References () https://nvd.nist.gov/vuln/detail/CVE-2021-21551 - () https://nvd.nist.gov/vuln/detail/CVE-2021-21551 - Not Applicable
References () https://payatu.com/blog/solving-the-problem-of-encrypted-firmware/ - () https://payatu.com/blog/solving-the-problem-of-encrypted-firmware/ - Technical Description, Exploit, Third Party Advisory

13 Jan 2025, 21:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.4
Summary
  • (es) El manejo y almacenamiento inadecuados de certificados en CP Plus CP-VNR-3104 B3223P22C02424 permiten a los atacantes descifrar las comunicaciones o ejecutar ataques de tipo "man-in-the-middle".
CWE CWE-295

10 Jan 2025, 17:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-01-10 17:15

Updated : 2025-10-02 16:59

NVD link : CVE-2024-54848

Mitre link : CVE-2024-54848

CVE.ORG link : CVE-2024-54848

JSON object : View

Products Affected

cpplusworld

  • cp-vnr-3104
  • cp-vnr-3104_firmware
CWE
CWE-295

Improper Certificate Validation