CVE-2025-9381
BaseFortify

Publication date: 2025-08-24

Last updated on: 2026-04-29

Assigner: VulDB

Description
A security flaw has been discovered in FNKvision Y215 CCTV Camera 10.194.120.40. This affects an unknown part of the file /tmp/wpa_supplicant.conf. Performing manipulation results in information disclosure. The attack may be carried out on the physical device. The attack's complexity is rated as high. It is indicated that the exploitability is difficult. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
Meta Information
Published: 2025-08-24
Last Modified: 2026-04-29
Generated: 2026-06-16
AI Q&A: 2025-08-24
EPSS Evaluated: 2026-06-14
Affected Vendors & Products
Showing 1 associated CPE

| Vendor | Product | Version / Range |
| --- | --- | --- |
| fnkvision | y215_cctv_camera | 10.194.120.40 |

| CWE ID | Description |
| --- | --- |
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Executive Summary

This vulnerability in the FNKvision Y215 CCTV Camera involves sensitive network credentials, such as Wi-Fi SSID and passwords, being stored in plaintext within configuration files like /tmp/wpa_supplicant.conf. An attacker with physical access to the device can manipulate or access these files, leading to unauthorized disclosure of sensitive information. Exploitation is difficult due to required physical access and authentication steps, but a proof-of-concept exploit is publicly available. [1, 2]

Impact Analysis

If exploited, this vulnerability can lead to exposure of sensitive network credentials stored on the device, potentially allowing unauthorized access to the network or device. This compromises the confidentiality of the device's data and may enable further attacks on the network or connected systems. However, exploitation requires physical access and is considered difficult. [1, 2]

Detection Guidance

This vulnerability requires local physical access to the FNKvision Y215 CCTV Camera device. Detection involves accessing the device's filesystem, particularly checking for the presence of plaintext Wi-Fi credentials in files such as /tmp/wpa_supplicant.conf and system/param/network.ini. Commands to inspect these files on the device (assuming shell access) could include: `cat /tmp/wpa_supplicant.conf` and `cat system/param/network.ini` to view stored credentials. Since exploitation requires physical access and authentication, network-based detection is not applicable. [1, 2]
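
The file check described above, as an added example that is not part of the original advisory or any vendor tooling: it classifies how each network block in a wpa_supplicant.conf stores its key, without printing the key. The function name `audit_wpa_conf`, the output labels and the sample file are assumptions made for illustration; system/param/network.ini is not covered because its format is not given here.

```shell
#!/bin/sh
# Added example (not from the advisory). Classifies how each network block in
# a wpa_supplicant.conf stores its key, without echoing the key itself.
# Output: one line per block, '<ssid> <plaintext|hex-psk|other|none>'.
# Returns 1 if any block holds a quoted (plaintext) secret, else 0.
audit_wpa_conf() {
    awk '
        function val(line) {            # text after the first "=", trimmed
            sub(/^[^=]*=[ \t]*/, "", line); sub(/[ \t\r]+$/, "", line)
            return line
        }
        /^[ \t]*#/ { next }             # comment line
        /^[ \t]*network[ \t]*=[ \t]*[{]/ { in_net = 1; ssid = "?"; kind = "none"; next }
        in_net && /^[ \t]*ssid[ \t]*=/ { ssid = val($0); next }
        in_net && /^[ \t]*(psk|wep_key[0-3]|password)[ \t]*=/ {
            v = val($0)
            if (v ~ /^".*"$/) kind = "plaintext"
            else if (kind != "plaintext")
                kind = (length(v) == 64 && v ~ /^[0-9A-Fa-f]+$/) ? "hex-psk" : "other"
            next
        }
        in_net && /^[ \t]*[}]/ {
            print ssid, kind
            if (kind == "plaintext") bad++
            in_net = 0
        }
        END { exit (bad > 0 ? 1 : 0) }
    ' "$1"
}

# Constructed sample input (assumed values, not taken from a real device).
sample=$(mktemp)
cat > "$sample" <<'EOF'
ctrl_interface=/var/run/wpa_supplicant
network={
    ssid="ExampleCam-Net"
    psk="constructed-passphrase"
}
network={
    ssid="ExampleHashed"
    psk=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
}
EOF
audit_wpa_conf "$sample" || echo "finding: plaintext key material present"
rm -f "$sample"
```

A `hex-psk` result only means the original passphrase is not stored; the 256-bit PSK is still sufficient to join that SSID, so the file needs the same protection either way.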

Mitigation Strategies

Immediate mitigation steps include physically securing the device to prevent unauthorized access, as exploitation requires local physical access and authentication. Since no vendor patches or countermeasures are currently available, it is recommended to replace the affected FNKvision Y215 CCTV Camera with an alternative product to eliminate the risk of information disclosure. [2]
