Skip to main content

FNKvision Y215 Camera CVE-2025-9380

HIGH
Use of Hard-coded Password (CWE-259)
2025-08-24 cna@vuldb.com
7.1
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
7.1 HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

5
Analysis Updated
Apr 29, 2026 - 01:16 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Apr 29, 2026 - 01:11 vuln.today
cvss_changed
CVSS changed
Apr 29, 2026 - 01:11 NVD
8.5 (HIGH) 7.1 (HIGH)
Analysis Generated
Mar 28, 2026 - 19:08 vuln.today
CVE Published
Aug 24, 2025 - 07:15 nvd
HIGH 8.5

DescriptionCVE.org

A vulnerability was identified in FNKvision Y215 CCTV Camera 10.194.120.40. Affected by this issue is some unknown functionality of the file /etc/passwd of the component Firmware. Such manipulation leads to hard-coded credentials. Local access is required to approach this attack. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Hard-coded root credentials in FNKvision Y215 CCTV Camera firmware (version 10.194.120.40) allow local authenticated attackers with low privileges to escalate to root access, achieving complete system compromise. Public exploit code demonstrates credential extraction from firmware binaries. EPSS score of 0.01% (2nd percentile) indicates minimal observed scanning activity despite public POC availability, likely due to the local access requirement limiting remote mass exploitation. CISA KEV does not list this CVE, suggesting no confirmed widespread active exploitation targeting these IoT cameras.

Technical ContextAI

This vulnerability stems from CWE-259 (Use of Hard-coded Password), a critical security anti-pattern in embedded systems. The FNKvision Y215 camera firmware stores root credentials directly in the /etc/passwd file and multiple compiled binaries, violating secure credential management principles. Hard-coded credentials in IoT/CCTV devices are persistent across all deployed units with identical firmware versions, creating a universal authentication bypass once discovered. The CVSS 4.0 vector (AV:L/AC:L/PR:L) indicates local attack vector with low complexity, requiring an attacker to first gain low-privileged local access to the device before exploiting the hard-coded credentials for privilege escalation. Unlike network services, the /etc/passwd file is accessible only to users with existing shell access or physical firmware extraction capabilities, which constrains the attack surface to scenarios where attackers have already compromised the device at a lower privilege level or have physical access for firmware dumping.

Affected ProductsAI

FNKvision Y215 CCTV Camera running firmware version 10.194.120.40 is confirmed affected per researcher disclosure at vorachat.somsuay.com. The vulnerability exists in the device firmware component managing /etc/passwd and multiple compiled binaries where root credentials are hard-coded. No CPE string is available in NVD data. Vendor FNKvision did not respond to vulnerability disclosure attempts, and no vendor security advisory exists. Other firmware versions of the Y215 model or other FNKvision camera models may be affected if they share the same firmware codebase, but this has not been independently confirmed.

RemediationAI

No vendor-released patch identified at time of analysis - FNKvision did not respond to researcher disclosure. Primary mitigations require manual intervention: (1) Replace affected FNKvision Y215 cameras with alternative products from vendors with active security support programs, recommended for high-security deployments. (2) Network segmentation: isolate cameras on dedicated VLAN with no internet access and strict firewall rules allowing only authenticated video management system (VMS) connections; trade-off is reduced remote accessibility and increased network complexity. (3) Physical security controls: restrict physical access to camera installation locations and network infrastructure to prevent firmware extraction or console access; effectiveness depends on facility security maturity. (4) Monitor authentication logs for anomalous root login attempts from unexpected sources, though hard-coded credentials make attribution difficult. (5) Implement network-based behavioral monitoring to detect post-exploitation activity (unusual outbound connections, lateral movement). Compensating controls cannot eliminate the vulnerability but reduce exploitation likelihood by controlling the local access prerequisite. Organizations should assess risk tolerance and consider device replacement if the deployment context enables the local access vector required for exploitation.

Share

CVE-2025-9380 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy