CVE-2025-9381 (GCVE-0-2025-9381)

Vulnerability from cvelistv5 – Published: 2025-08-24 07:32 – Updated: 2025-08-25 20:23
VLAI?
Title
FNKvision Y215 CCTV Camera wpa_supplicant.conf information disclosure
Summary
A security flaw has been discovered in FNKvision Y215 CCTV Camera 10.194.120.40. This affects an unknown part of the file /tmp/wpa_supplicant.conf. Performing manipulation results in information disclosure. The attack may be carried out on the physical device. The attack's complexity is rated as high. It is indicated that the exploitability is difficult. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
1 (Low)
CVSS:4.0/AV:P/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
1.6 (Low)
CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R
1.6 (Low)
CVSS:3.0/AV:P/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R
CWE
Assigner
References
Impacted products
Vendor Product Version
FNKvision Y215 CCTV Camera Affected: 10.194.120.40
Create a notification for this product.
Credits
Hypernyan (VulDB User)
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-9381",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-25T20:23:45.525160Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-25T20:23:54.454Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Y215 CCTV Camera",
          "vendor": "FNKvision",
          "versions": [
            {
              "status": "affected",
              "version": "10.194.120.40"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Hypernyan (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A security flaw has been discovered in FNKvision Y215 CCTV Camera 10.194.120.40. This affects an unknown part of the file /tmp/wpa_supplicant.conf. Performing manipulation results in information disclosure. The attack may be carried out on the physical device. The attack\u0027s complexity is rated as high. It is indicated that the exploitability is difficult. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "In FNKvision Y215 CCTV Camera 10.194.120.40 wurde eine Schwachstelle gefunden. Hierbei betrifft es unbekannten Programmcode der Datei /tmp/wpa_supplicant.conf. Die Ver\u00e4nderung resultiert in information disclosure. Ein Angriff setzt physischen Zugriff auf dem Zielobjekt voraus. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Es wird angegeben, dass die Ausnutzbarkeit schwierig ist. Die Ausnutzung wurde ver\u00f6ffentlicht und kann verwendet werden."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 1,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:4.0/AV:P/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 1.6,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 1.6,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:P/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 0.8,
            "vectorString": "AV:L/AC:H/Au:M/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "Information Disclosure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "Improper Access Controls",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-24T07:32:06.722Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-321214 | FNKvision Y215 CCTV Camera wpa_supplicant.conf information disclosure",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.321214"
        },
        {
          "name": "VDB-321214 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.321214"
        },
        {
          "name": "Submit #629811 | FNKvision Y215 CCTV Camera 10.194.120.40 Plaintext Password in Configuration File",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.629811"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://vorachat.somsuay.com/blog/Hacking%20CCTV%20FNKvision%20-%20Y215"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://vorachat.somsuay.com/blog/Hacking%20CCTV%20FNKvision%20-%20Y215/#vulnerability-2-ssid-and-wi-fi-password-stored-in-plaintext"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-08-23T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-08-23T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-08-23T17:05:20.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "FNKvision Y215 CCTV Camera wpa_supplicant.conf information disclosure"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-9381",
    "datePublished": "2025-08-24T07:32:06.722Z",
    "dateReserved": "2025-08-23T15:00:08.288Z",
    "dateUpdated": "2025-08-25T20:23:54.454Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-9381\",\"sourceIdentifier\":\"cna@vuldb.com\",\"published\":\"2025-08-24T08:15:27.250\",\"lastModified\":\"2025-08-25T20:24:45.327\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A security flaw has been discovered in FNKvision Y215 CCTV Camera 10.194.120.40. This affects an unknown part of the file /tmp/wpa_supplicant.conf. Performing manipulation results in information disclosure. The attack may be carried out on the physical device. The attack\u0027s complexity is rated as high. It is indicated that the exploitability is difficult. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.\"},{\"lang\":\"es\",\"value\":\"Se ha descubierto una falla de seguridad en la c\u00e1mara CCTV FNKvision Y215 10.194.120.40. Esta afecta a una parte desconocida del archivo /tmp/wpa_supplicant.conf. La manipulaci\u00f3n da como resultado la divulgaci\u00f3n de informaci\u00f3n. El ataque podr\u00eda ejecutarse en el dispositivo f\u00edsico. Es un ataque de complejidad bastante alta. Parece dif\u00edcil de explotar. El exploit se ha publicado y podr\u00eda ser explotado. Se contact\u00f3 al proveedor con antelaci\u00f3n sobre esta divulgaci\u00f3n, pero no respondi\u00f3.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:P/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":1.0,\"baseSeverity\":\"LOW\",\"attackVector\":\"PHYSICAL\",\"attackComplexity\":\"HIGH\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"LOW\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"PROOF_OF_CONCEPT\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":1.6,\"baseSeverity\":\"LOW\",\"attackVector\":\"PHYSICAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":0.2,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:H/Au:M/C:P/I:N/A:N\",\"baseScore\":0.8,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"HIGH\",\"authentication\":\"MULTIPLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":1.2,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"},{\"lang\":\"en\",\"value\":\"CWE-284\"}]}],\"references\":[{\"url\":\"https://vorachat.somsuay.com/blog/Hacking%20CCTV%20FNKvision%20-%20Y215\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://vorachat.somsuay.com/blog/Hacking%20CCTV%20FNKvision%20-%20Y215/#vulnerability-2-ssid-and-wi-fi-password-stored-in-plaintext\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://vuldb.com/?ctiid.321214\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://vuldb.com/?id.321214\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://vuldb.com/?submit.629811\",\"source\":\"cna@vuldb.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-9381\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-08-25T20:23:45.525160Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-08-25T20:23:50.027Z\"}}], \"cna\": {\"title\": \"FNKvision Y215 CCTV Camera wpa_supplicant.conf information disclosure\", \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"Hypernyan (VulDB User)\"}], \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 1, \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:4.0/AV:P/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P\"}}, {\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 1.6, \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R\"}}, {\"cvssV3_0\": {\"version\": \"3.0\", \"baseScore\": 1.6, \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.0/AV:P/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R\"}}, {\"cvssV2_0\": {\"version\": \"2.0\", \"baseScore\": 0.8, \"vectorString\": \"AV:L/AC:H/Au:M/C:P/I:N/A:N/E:POC/RL:ND/RC:UR\"}}], \"affected\": [{\"vendor\": \"FNKvision\", \"product\": \"Y215 CCTV Camera\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.194.120.40\"}]}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2025-08-23T00:00:00.000Z\", \"value\": \"Advisory disclosed\"}, {\"lang\": \"en\", \"time\": \"2025-08-23T02:00:00.000Z\", \"value\": \"VulDB entry created\"}, {\"lang\": \"en\", \"time\": \"2025-08-23T17:05:20.000Z\", \"value\": \"VulDB entry last update\"}], \"references\": [{\"url\": \"https://vuldb.com/?id.321214\", \"name\": \"VDB-321214 | FNKvision Y215 CCTV Camera wpa_supplicant.conf information disclosure\", \"tags\": [\"vdb-entry\"]}, {\"url\": \"https://vuldb.com/?ctiid.321214\", \"name\": \"VDB-321214 | CTI Indicators (IOB, IOC, TTP, IOA)\", \"tags\": [\"signature\", \"permissions-required\"]}, {\"url\": \"https://vuldb.com/?submit.629811\", \"name\": \"Submit #629811 | FNKvision Y215 CCTV Camera 10.194.120.40 Plaintext Password in Configuration File\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://vorachat.somsuay.com/blog/Hacking%20CCTV%20FNKvision%20-%20Y215\", \"tags\": [\"related\"]}, {\"url\": \"https://vorachat.somsuay.com/blog/Hacking%20CCTV%20FNKvision%20-%20Y215/#vulnerability-2-ssid-and-wi-fi-password-stored-in-plaintext\", \"tags\": [\"exploit\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A security flaw has been discovered in FNKvision Y215 CCTV Camera 10.194.120.40. This affects an unknown part of the file /tmp/wpa_supplicant.conf. Performing manipulation results in information disclosure. The attack may be carried out on the physical device. The attack\u0027s complexity is rated as high. It is indicated that the exploitability is difficult. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.\"}, {\"lang\": \"de\", \"value\": \"In FNKvision Y215 CCTV Camera 10.194.120.40 wurde eine Schwachstelle gefunden. Hierbei betrifft es unbekannten Programmcode der Datei /tmp/wpa_supplicant.conf. Die Ver\\u00e4nderung resultiert in information disclosure. Ein Angriff setzt physischen Zugriff auf dem Zielobjekt voraus. Die Komplexit\\u00e4t eines Angriffs ist eher hoch. Es wird angegeben, dass die Ausnutzbarkeit schwierig ist. Die Ausnutzung wurde ver\\u00f6ffentlicht und kann verwendet werden.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-200\", \"description\": \"Information Disclosure\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-284\", \"description\": \"Improper Access Controls\"}]}], \"providerMetadata\": {\"orgId\": \"1af790b2-7ee1-4545-860a-a788eba489b5\", \"shortName\": \"VulDB\", \"dateUpdated\": \"2025-08-24T07:32:06.722Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-9381\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-08-25T20:23:54.454Z\", \"dateReserved\": \"2025-08-23T15:00:08.288Z\", \"assignerOrgId\": \"1af790b2-7ee1-4545-860a-a788eba489b5\", \"datePublished\": \"2025-08-24T07:32:06.722Z\", \"assignerShortName\": \"VulDB\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.