CVE-2025-9380 in Y215 CCTV Camerainfo

Summary

by MITRE • 08/24/2025

A vulnerability was identified in FNKvision Y215 CCTV Camera 10.194.120.40. Affected by this issue is some unknown functionality of the file /etc/passwd of the component Firmware. Such manipulation leads to hard-coded credentials. Local access is required to approach this attack. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Analysis

by VulDB Data Team • 08/24/2025

The vulnerability identified in FNKvision Y215 CCTV Camera presents a critical security flaw within the device's firmware implementation that directly impacts the system's authentication mechanisms. This issue specifically targets the /etc/passwd file which serves as a fundamental component in Unix-like operating systems for user account management and authentication. The presence of hard-coded credentials within this critical system file represents a severe configuration weakness that undermines the device's overall security posture and exposes it to potential unauthorized access. The vulnerability manifests through manipulation of the firmware's file system where the device's authentication credentials are improperly embedded within the system configuration rather than being dynamically generated or properly secured.

The technical exploitation of this vulnerability requires local access to the device, indicating that an attacker must first gain physical or network-level access to the camera system before they can manipulate the /etc/passwd file. This prerequisite significantly reduces the attack surface compared to remotely exploitable vulnerabilities but does not eliminate the threat entirely. The fact that the exploit is publicly available and potentially weaponized means that any attacker with local access can leverage this weakness to establish persistent unauthorized access to the device. The hard-coded nature of the credentials implies that these authentication tokens remain static and unchanged throughout the device's operational lifecycle, creating a persistent backdoor that can be discovered and utilized by any attacker who gains local access to the system.

From an operational impact perspective, this vulnerability compromises the integrity and confidentiality of the surveillance system that the camera represents. The presence of hard-coded credentials in the firmware undermines the trust model that security-conscious organizations rely upon for their security infrastructure. The device's authentication mechanism becomes fundamentally weak and predictable, allowing attackers to potentially access video feeds, modify camera settings, or even use the device as a pivot point to attack other systems within the network. This vulnerability directly violates security best practices outlined in the CWE database under categories related to hardcoded credentials and improper credential management. The attack surface expands beyond simple unauthorized access to include potential data exfiltration, surveillance disruption, and compromise of the entire security infrastructure that relies on this camera for monitoring purposes.

The lack of vendor response to early disclosure attempts represents a significant concern in the cybersecurity community and indicates potential gaps in the security supply chain for IoT devices. This absence of vendor engagement creates a dangerous precedent where vulnerable devices continue to be deployed without proper remediation, exposing organizations to known threats. The vulnerability's classification aligns with ATT&CK framework techniques related to credential access and privilege escalation, where attackers can leverage hardcoded credentials to establish persistent access within network environments. Organizations deploying such surveillance equipment should implement immediate mitigations including network segmentation, regular security assessments, and firmware update procedures to address this vulnerability. The public availability of exploitation tools for this specific weakness further amplifies the risk, as it enables both skilled and unskilled attackers to exploit the vulnerability without requiring advanced technical knowledge or significant resources.

The broader implications of this vulnerability extend beyond the immediate device compromise to highlight systemic issues in IoT security implementation and vendor accountability. The presence of hardcoded credentials in embedded systems represents a fundamental flaw in the security design process that should be addressed through proper secure coding practices and regular security audits. This vulnerability serves as a reminder of the critical importance of maintaining updated firmware and implementing robust access controls for security infrastructure devices. Organizations should consider implementing additional security measures such as network monitoring, intrusion detection systems, and regular vulnerability assessments to identify and remediate similar weaknesses in their security infrastructure. The incident also underscores the need for improved communication channels between security researchers and vendors to ensure timely resolution of identified vulnerabilities and prevent exploitation of known weaknesses in deployed systems.

Responsible

VulDB

Disclosure

08/24/2025

Moderation

accepted

CPE

ready

Exploit

Download

EPSS

0.00132

KEV

no

Activities

very low

Sources

Do you need the next level of professionalism?

Upgrade your account now!