CVE-2024-54848
Published: 10 January 2025
Description
Adversaries may attempt to position themselves between two or more networked devices using an adversary-in-the-middle (AiTM) technique to support follow-on behaviors such as [Network Sniffing](https://attack.
Security Summary
CVE-2024-54848 is a vulnerability stemming from improper handling and storage of certificates in the CP Plus CP-VNR-3104 network video recorder running firmware version B3223P22C02424. This issue, mapped to CWE-295 (Improper Certificate Validation), enables potential decryption of communications and carries a CVSS v3.1 base score of 7.4 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N), indicating high severity due to significant confidentiality and integrity impacts.
Remote network-based attackers with no required privileges or user interaction can exploit this vulnerability, though it demands high attack complexity. Exploitation allows adversaries to decrypt protected communications or perform man-in-the-middle attacks, compromising the secrecy and integrity of data transmitted to or from the affected device.
References for further details include a security assessment PDF on GitHub (https://github.com/Yashodhanvivek/CP-VNR-3104-NVR-Vulnerabilties/blob/main/CPPlus_CP-VNR-3104_Security_Assessment.pdf), CAPEC attack pattern 233 (https://capec.mitre.org/data/definitions/233), an NVD entry for CVE-2021-21551 (https://nvd.nist.gov/vuln/detail/CVE-2021-21551), and a blog on encrypted firmware challenges (https://payatu.com/blog/solving-the-problem-of-encrypted-firmware/). No specific patch or mitigation guidance is detailed in the provided CVE information.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Improper certificate handling and storage enables access to private keys (T1552.004) for decryption and facilitates man-in-the-middle attacks (T1557).