Vulnerability Summary

TVN Number: TVN-202601002 CVE Identifier: CVE-2026-0853 CVSS Score: 5.3 (Medium) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Products

Vendor: A-Plus Video Technologies Product: NVR Affected Models: AP-RM864P, AP-RM864, AP-RM832P, AP-RM832, AP-RM816, AP-BS416, AP-BS408, AP-BS404 Vulnerable Versions: Firmware 2.1.0 and earlier Patched Version: Firmware 2.2.0 or later

Vulnerability Details

CVE-2026-0853: Sensitive Data Exposure

CVSS Score: 5.3 (Medium)

A-Plus Video Technologies NVR devices contain an authentication bypass flaw. The issue allows unauthenticated remote attackers to access the debug page and obtain device status information without requiring credentials or user interaction.

Attack Vector: Network Privileges Required: None User Interaction: None Scope: Unchanged Impact: Low confidentiality impact

Impact

Unauthenticated attackers can access debug pages to obtain device status information, system configurations, and potentially sensitive operational data. While not allowing direct control, this information disclosure can aid reconnaissance for further attacks.

Remediation

Update to firmware 2.2.0 or later.

Timeline

• Public Disclosure: January 12, 2026

References

• TWCERT/CC Advisory
• CVE-2026-0853

Metadata

• Source: TWCERT/CC
• Feed ID: rss-139
• Language: English
• Confidence: High