CVE-2025-9381
BaseFortify

Publication date: 2025-08-24

Last updated on: 2026-04-29

Assigner: VulDB

Description
A security flaw has been discovered in FNKvision Y215 CCTV Camera 10.194.120.40. This affects an unknown part of the file /tmp/wpa_supplicant.conf. Performing manipulation results in information disclosure. The attack may be carried out on the physical device. The attack's complexity is rated as high. It is indicated that the exploitability is difficult. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
Meta Information
Published: 2025-08-24
Last Modified: 2026-04-29
Generated: 2026-05-07
AI Q&A: 2025-08-24
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE
Vendor: fnkvision
Product: y215_cctv_camera
Version / Range: 10.194.120.40
CWE ID and description:
CWE-284: The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CWE-200: The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability in the FNKvision Y215 CCTV Camera involves sensitive network credentials, such as Wi-Fi SSID and passwords, being stored in plaintext within configuration files like /tmp/wpa_supplicant.conf. An attacker with physical access to the device can manipulate or access these files, leading to unauthorized disclosure of sensitive information. Exploitation is difficult due to required physical access and authentication steps, but a proof-of-concept exploit is publicly available. [1, 2]


How can this vulnerability impact me?

If exploited, this vulnerability can lead to exposure of sensitive network credentials stored on the device, potentially allowing unauthorized access to the network or device. This compromises the confidentiality of the device's data and may enable further attacks on the network or connected systems. However, exploitation requires physical access and is considered difficult. [1, 2]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability requires local physical access to the FNKvision Y215 CCTV Camera device. Detection involves accessing the device's filesystem, particularly checking for the presence of plaintext Wi-Fi credentials in files such as /tmp/wpa_supplicant.conf and system/param/network.ini. Commands to inspect these files on the device (assuming shell access) could include: `cat /tmp/wpa_supplicant.conf` and `cat system/param/network.ini` to view stored credentials. Since exploitation requires physical access and authentication, network-based detection is not applicable. [1, 2]
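For an audit that records the finding without copying the secret into notes or tickets, the following added example (not from the advisory or the vendor) classifies each `network={}` block in a copy of `wpa_supplicant.conf`. The function names `audit_wpa_conf`, `count_plaintext` and `write_sample` are hypothetical, and the sample file is constructed for illustration.

```shell
#!/bin/sh
# Added example: classify how each network block in a wpa_supplicant.conf
# stores its WPA key. Output is "<ssid><TAB><verdict>"; the key is never printed.
audit_wpa_conf() {
    awk '
    /^[ \t]*network[ \t]*=[ \t]*\{/ { inblk = 1; ssid = "(none)"; verdict = "no-psk"; next }
    inblk && /^[ \t]*ssid[ \t]*=/ {
        ssid = $0; sub(/^[ \t]*ssid[ \t]*=[ \t]*/, "", ssid); gsub(/"/, "", ssid)
    }
    inblk && /^[ \t]*psk[ \t]*=/ {
        v = $0; sub(/^[ \t]*psk[ \t]*=[ \t]*/, "", v); sub(/[ \t\r]+$/, "", v)
        # Quoted value = ASCII passphrase stored in the clear.
        if (v ~ /^".*"$/) verdict = "plaintext-passphrase"
        # Unquoted 64 hex digits = precomputed 256-bit PSK (wpa_passphrase output).
        else if (length(v) == 64 && v ~ /^[0-9A-Fa-f]+$/) verdict = "hashed-psk"
        else verdict = "unrecognised-psk"
    }
    inblk && /^[ \t]*\}/ { print ssid "\t" verdict; inblk = 0 }
    ' "$1"
}

# Number of network blocks that hold a plaintext passphrase.
count_plaintext() {
    audit_wpa_conf "$1" | grep -c 'plaintext-passphrase$' || true
}

# Constructed sample input (not taken from a real device).
write_sample() {
    cat > "$1" <<'EOF'
ctrl_interface=/var/run/wpa_supplicant
network={
    ssid="CONSTRUCTED-LAB"
    psk="example-passphrase"
}
network={
    ssid="CONSTRUCTED-HASHED"
    psk=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
}
network={
    ssid="CONSTRUCTED-OPEN"
    key_mgmt=NONE
}
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_wpa_conf "$sample"
echo "plaintext blocks: $(count_plaintext "$sample")"
rm -f "$sample"
```

A `hashed-psk` verdict still identifies a stored credential for that SSID; it only means the human-readable passphrase is not in the file.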


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include physically securing the device to prevent unauthorized access, as exploitation requires local physical access and authentication. Since no vendor patches or countermeasures are currently available, it is recommended to replace the affected FNKvision Y215 CCTV Camera with an alternative product to eliminate the risk of information disclosure. [2]

