CVE-2025-9380
BaseFortify
Publication date: 2025-08-24
Last updated on: 2026-04-29
Assigner: VulDB
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| fnkvision | y215 | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-259 | The product contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components. |
| CWE-798 | The product contains hard-coded credentials, such as a password or cryptographic key. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-9380 is a critical vulnerability in the FNKvision Y215 CCTV Camera firmware where hardcoded root credentials are embedded within multiple binaries (encoder and wifidaemon). These credentials are used to automatically recreate the /etc/passwd file, granting root-level shell access. The root password is weakly hashed and can be cracked quickly. Additionally, the device has an undocumented backdoor triggered by a specific file on an SD card that launches a Telnet daemon accessible with these credentials. This allows attackers with local or physical access to gain full control over the device. [1, 2, 3]
How can this vulnerability impact me?
This vulnerability allows attackers to gain unauthorized root access to the FNKvision Y215 CCTV Camera, enabling full control over the device. Attackers can exploit hardcoded credentials to bypass authentication, access sensitive information such as Wi-Fi passwords stored in plaintext, and use the SD card backdoor to remotely access the device via Telnet. This compromises the confidentiality, integrity, and availability of the device, potentially allowing surveillance tampering, network infiltration, and persistent unauthorized access. [1, 2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection can be performed by checking for the presence of hardcoded root credentials in the device firmware, specifically in the encoder and wifidaemon binaries. On the device, you can inspect the /etc/passwd file for unusual entries such as the username 'vstarcam2017'. Additionally, the presence of the file 's1_rf_test_config' on any inserted SD card can indicate activation of the Telnet backdoor. Commands to assist detection include:

1) Using strings or grep on firmware binaries to find hardcoded credentials, e.g., `strings encoder | grep vstarcam2017`
2) Checking /etc/passwd for the hardcoded user: `cat /etc/passwd | grep vstarcam2017`
3) Checking for a running Telnet daemon: `ps aux | grep telnetd`
4) Inspecting the SD card for the backdoor trigger file: `ls /mnt/sdcard/s1_rf_test_config`

Wi-Fi configuration files can also be examined for plaintext credentials: `cat /tmp/wpa_supplicant.conf` or `cat system/param/network.ini`. UART access can be used to verify root login capability if physical access is available. [3]
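Checks 1, 2 and 4 above combined into one offline audit of an unpacked firmware tree and an SD card directory, as an added example that is not part of the original page or any vendor tooling. The directory arguments, the finding labels and the sample data built by `make_sample` are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: offline audit of an unpacked firmware tree and an SD card
# directory for the indicators quoted on this page.
INDICATOR_USER='vstarcam2017'     # account name from the page
TRIGGER_FILE='s1_rf_test_config'  # SD card trigger file from the page

# audit_tree ROOTFS [SDCARD]: prints one finding per line,
# returns 1 if anything was found, 0 if the tree looks clean.
audit_tree() {
    rootfs=$1; sdcard=${2:-}
    findings=$(
        # Account name embedded in any file other than passwd (e.g. binaries).
        find "$rootfs" -type f ! -path "$rootfs/etc/passwd" \
            -exec grep -lF -- "$INDICATOR_USER" {} + 2>/dev/null |
            sed 's/^/embedded-credential: /'
        # Account defined in the image's passwd file.
        if grep -q "^$INDICATOR_USER:" "$rootfs/etc/passwd" 2>/dev/null; then
            echo "passwd-entry: $rootfs/etc/passwd"
        fi
        # Telnet trigger file in the SD card root.
        if [ -n "$sdcard" ] && [ -e "$sdcard/$TRIGGER_FILE" ]; then
            echo "telnet-trigger: $sdcard/$TRIGGER_FILE"
        fi
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# make_sample DIR: constructed test data, not real firmware. The password
# field is a placeholder, not the device's hash.
make_sample() {
    mkdir -p "$1/fw/bin" "$1/fw/etc" "$1/sd" "$1/clean/etc"
    printf '\177ELF\001\002xx%s:PLACEHOLDER\000yy' "$INDICATOR_USER" > "$1/fw/bin/encoder"
    printf '\177ELF\001zz%s\000' "$INDICATOR_USER" > "$1/fw/bin/wifidaemon"
    printf 'plain binary\000' > "$1/fw/bin/other"
    printf '%s:PLACEHOLDER:0:0:root:/:/bin/sh\n' "$INDICATOR_USER" > "$1/fw/etc/passwd"
    : > "$1/sd/$TRIGGER_FILE"
    printf 'root:x:0:0:root:/root:/bin/sh\n' > "$1/clean/etc/passwd"
}

# Command-line use: audit the directories given as arguments.
if [ "${1:-}" ]; then audit_tree "$@"; fi
```

An exit status of 1 means at least one indicator was found, so the script can gate an asset-inventory or firmware-intake job.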
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include:

1) Restricting local physical access to the device to prevent exploitation of the hardcoded credentials and SD card backdoor;
2) Removing or disabling the Telnet daemon if possible, especially by ensuring no 's1_rf_test_config' file is present on any SD card;
3) Changing default network configurations and isolating the device on a separate network segment to limit exposure;
4) Monitoring for unauthorized access attempts;
5) Considering replacing the affected FNKvision Y215 CCTV Camera with a more secure alternative, as no vendor patches or countermeasures are currently available.

Since the vulnerability requires local access and exploits hardcoded credentials, physical security and network segmentation are critical immediate defenses. [2, 3]