CVE-2025-9383
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-24

Last updated on: 2026-04-29

Assigner: VulDB

Description
A security vulnerability has been detected in FNKvision Y215 CCTV Camera 10.194.120.40. This issue affects the function crypt of the file /etc/passwd. The manipulation leads to use of weak hash. The attack can only be performed from a local environment. The complexity of an attack is rather high. The exploitability is assessed as difficult. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-24
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2025-08-24
EPSS Evaluated
2026-06-14
NVD
CVE-2025-9383
EUVD
EUVD-2025-25641
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
fnkvision y215 *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-328 The product uses an algorithm that produces a digest (output value) that does not meet security expectations for a hash function that allows an adversary to reasonably determine the original input (preimage attack), find another input that can produce the same hash (2nd preimage attack), or find multiple inputs that evaluate to the same hash (birthday attack).
CWE-327 The product uses a broken or risky cryptographic algorithm or protocol.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability affects the FNKvision Y215 CCTV Camera, where user passwords are stored using a weak DES-based crypt() hashing algorithm in the /etc/passwd file. Because DES-based hashes are outdated and weak, attackers with local access can quickly crack these hashes through brute-force attacks, especially given the limited password space. This allows them to recover passwords rapidly and potentially gain unauthorized access to the device. [1, 2]

Impact Analysis

If exploited, this vulnerability can lead to unauthorized access to the FNKvision Y215 CCTV Camera due to rapid password recovery from weak hashes. Although exploitation requires local access and is considered difficult, once compromised, an attacker could potentially control or manipulate the device, impacting security and privacy. [1, 2]

Detection Guidance

This vulnerability can be detected by inspecting the /etc/passwd file on the FNKvision Y215 CCTV Camera device to check if the stored password hashes use the weak DES-based crypt() algorithm. Since exploitation requires local access, detection involves accessing the device locally and examining the password hashes. A command such as `cat /etc/passwd` can be used to view the password entries. Additionally, tools that analyze password hash strength can be used to identify DES-based hashes. There are no specific network detection commands since the attack is local only. [1, 2]

Mitigation Strategies

Immediate mitigation steps include restricting local access to the FNKvision Y215 CCTV Camera to trusted personnel only, as exploitation requires local environment access. Since no patches or vendor mitigations are available and the vendor did not respond, it is recommended to consider replacing the affected device with a more secure alternative. Monitoring for any suspicious local activity is also advised. [2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-9383. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart