CVE-2025-9383
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-24

Last updated on: 2026-04-29

Assigner: VulDB

Description
A security vulnerability has been detected in FNKvision Y215 CCTV Camera 10.194.120.40. This issue affects the function crypt of the file /etc/passwd. The manipulation leads to use of weak hash. The attack can only be performed from a local environment. The complexity of an attack is rather high. The exploitability is assessed as difficult. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-24
Last Modified
2026-04-29
Generated
2026-05-06
AI Q&A
2025-08-24
EPSS Evaluated
2026-05-05
NVD
CVE-2025-9383
EUVD
EUVD-2025-25641
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
fnkvision y215 *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-327 The product uses a broken or risky cryptographic algorithm or protocol.
CWE-328 The product uses an algorithm that produces a digest (output value) that does not meet security expectations for a hash function that allows an adversary to reasonably determine the original input (preimage attack), find another input that can produce the same hash (2nd preimage attack), or find multiple inputs that evaluate to the same hash (birthday attack).
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability affects the FNKvision Y215 CCTV Camera, where user passwords are stored using a weak DES-based crypt() hashing algorithm in the /etc/passwd file. Because DES-based hashes are outdated and weak, attackers with local access can quickly crack these hashes through brute-force attacks, especially given the limited password space. This allows them to recover passwords rapidly and potentially gain unauthorized access to the device. [1, 2]


How can this vulnerability impact me? :

If exploited, this vulnerability can lead to unauthorized access to the FNKvision Y215 CCTV Camera due to rapid password recovery from weak hashes. Although exploitation requires local access and is considered difficult, once compromised, an attacker could potentially control or manipulate the device, impacting security and privacy. [1, 2]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by inspecting the /etc/passwd file on the FNKvision Y215 CCTV Camera device to check if the stored password hashes use the weak DES-based crypt() algorithm. Since exploitation requires local access, detection involves accessing the device locally and examining the password hashes. A command such as `cat /etc/passwd` can be used to view the password entries. Additionally, tools that analyze password hash strength can be used to identify DES-based hashes. There are no specific network detection commands since the attack is local only. [1, 2]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include restricting local access to the FNKvision Y215 CCTV Camera to trusted personnel only, as exploitation requires local environment access. Since no patches or vendor mitigations are available and the vendor did not respond, it is recommended to consider replacing the affected device with a more secure alternative. Monitoring for any suspicious local activity is also advised. [2]


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart