Home

Description

EN DE

A security flaw has been discovered in FNKvision Y215 CCTV Camera 10.194.120.40. This affects an unknown part of the file /tmp/wpa_supplicant.conf. Performing manipulation results in information disclosure. The attack may be carried out on the physical device. The attack's complexity is rated as high. It is indicated that the exploitability is difficult. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

In FNKvision Y215 CCTV Camera 10.194.120.40 wurde eine Schwachstelle gefunden. Hierbei betrifft es unbekannten Programmcode der Datei /tmp/wpa_supplicant.conf. Die Veränderung resultiert in information disclosure. Ein Angriff setzt physischen Zugriff auf dem Zielobjekt voraus. Die Komplexität eines Angriffs ist eher hoch. Es wird angegeben, dass die Ausnutzbarkeit schwierig ist. Die Ausnutzung wurde veröffentlicht und kann verwendet werden.

PUBLISHED Reserved 2025-08-23 | Published 2025-08-24 | Updated 2025-08-25 | Assigner VulDB




LOW: 1.0CVSS:4.0/AV:P/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
LOW: 1.6CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R
LOW: 1.6CVSS:3.0/AV:P/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R
0.8AV:L/AC:H/Au:M/C:P/I:N/A:N/E:POC/RL:ND/RC:UR

Problem types

Information Disclosure

Improper Access Controls

Product status

10.194.120.40
affected

Timeline

2025-08-23:Advisory disclosed
2025-08-23:VulDB entry created
2025-08-23:VulDB entry last update

Credits

Hypernyan (VulDB User) reporter

References

vuldb.com/?id.321214 (VDB-321214 | FNKvision Y215 CCTV Camera wpa_supplicant.conf information disclosure) vdb-entry

vuldb.com/?ctiid.321214 (VDB-321214 | CTI Indicators (IOB, IOC, TTP, IOA)) signature permissions-required

vuldb.com/?submit.629811 (Submit #629811 | FNKvision Y215 CCTV Camera 10.194.120.40 Plaintext Password in Configuration File) third-party-advisory

vorachat.somsuay.com/blog/Hacking CCTV FNKvision - Y215 related

vorachat.somsuay.com/blog/Hacking CCTV FNKvision - Y215/ exploit

cve.org (CVE-2025-9381)

nvd.nist.gov (CVE-2025-9381)

Download JSON